[imp] how to get IMP to STARTTLS
Curtis Doty
Curtis@GreenKey.net
Sun, 24 Mar 2002 18:42:02 -0800
>> But tried a dozen combinations on 'protocol' => 'yada/yada' to no
>> avail.
>
>So, sounds like you want /imap/ssl/novalidate-cert.
Actually I want STARTTLS...which is different from imaps (imap over ssl
tunnel).
With imap/ssl/novalidate-cert:
IMAP Response: * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS
LOGINDISABLED]
IMAP Request: \200z\001\003\001\000Q\000\000\000
\000\000\026\000\000\023\000\000
Which is bogus on port 143, since the daemon did not get a STARTTLS.
With imap4rev1 on port 143:
IMAP Response: * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS
LOGINDISABLED]
IMAP Request: 00000000 LOGOUT
Which is legit IMAP, but IMP/PHP just gives up?! Why?
>From what I understand, the conversation should look like this:
IMAP Response: * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS
LOGINDISABLED]
IMAP Request: 00000000 STARTTLS
IMAP Response: 00000000 OK STARTTLS completed
At which point it negotiates a new secured CAPABILITY:
IMAP Request: \026\003\001\000S\001\000\000O\003\yada\yada
So I presume I should use imap/tls/novalidate-cert or maybe imap/secure,
but IMP drops that request into a black hole and the IMAP server never
sees a single SYN.
../C