Bug 69246 - IMAP doesn't work with TLS and IPv6 at the same time
Summary: IMAP doesn't work with TLS and IPv6 at the same time
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: imap (Show other bugs)
(Show other bugs)
Version: 7.3
Hardware: athlon Linux
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2002-07-19 15:24 UTC by Pete Chown
Modified: 2007-04-18 16:44 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-07-19 15:24:27 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Pete Chown 2002-07-19 15:24:23 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/20020606

Description of problem:
The imap server looks at the local port number to determine whether it should
start in TLS or cleartext mode.  If the port is 993 it starts in TLS mode,
otherwise in cleartext mode.

Unfortunately this test does not work properly when the socket uses IPv6.  This
means that the imap server runs in plaintext mode even on the imaps port when
IPv6 is in use.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Turn on IPv6 in /etc/sysconfig/network.  If there are no router
advertisements on your network you may need to configure an IPv6 address for
your machine manually.  You may also need to reboot in order for the settings to
take effect.

2. Ensure that the imaps server is enabled.

3. At this point you could use an IPv6 and TLS capable mail client to connect to
the imaps port.  You would see that it wouldn't work, since one end is expecting
TLS and the other isn't.  However it is easiest to connect using telnet.  I will
assume for the rest of the bug report that you have done this.

Actual Results:  The cleartext IMAP banner will be displayed.

Expected Results:  You shouldn't see anything, because there should be a TLS
server on the port.  The TLS server would be expecting to receive a client hello
message.  Of course if you connect with telnet it will not receive this.

Additional info:

Testing the IMAP/TLS/IPv6 server is a nuisance because openssl s_client doesn't
support IPv6.  Mozilla is probably your best bet, and use ethereal to see what
is happening on the wire when Mozilla tries to log in.

Comment 1 Mike A. Harris 2002-07-24 07:52:33 UTC
We do not officially support IPv6 with UW imap.  This problem should instead
be reported to the University of Washington upstream to address in a future
release of their imap server software package.

Once they've fixed the problem and included it in a new release, it will
be available in some future release of Red Hat Linux.

Note You need to log in before you can comment on or make changes to this bug.