Mailing List CGatePro@mail.stalker.com Message #105080
From: Gib Henry <gib@realpeople.com>
Subject: Re: TLS connection is being closed by peer
Date: Fri, 25 Jul 2014 11:51:42 -0500
To: CommuniGate Pro Mailing List <CGatePro@mail.stalker.com>
Okay, done.  Though I should hope that Mac OS 10.9 and iOS 7 don't still use "old TLS"!  Subsequently, I encounter this from my own machine:

11:40:20.305 4 IMAP-007863([24.73.176.115]) [24.73.176.117]:993 <- [24.73.176.115]:64924 incoming connection(realpeople.com)
11:40:20.305 4 IMAP-007863([24.73.176.115]) got TLS connection for realpeople.com
11:40:20.507 3 IMAP-007863([24.73.176.115]) failed to accept a secure connection for 'realpeople.com'. Error Code=resume request has a wrong cipher
11:40:20.507 4 IMAP-007863([24.73.176.115]) closing connection
11:40:20.507 4 IMAP-007863([24.73.176.115]) releasing stream
11:40:21.472 4 IMAP-007864([24.73.176.115]) [24.73.176.117]:993 <- [24.73.176.115]:64925 incoming connection(realpeople.com)
11:40:21.514 4 IMAP-007864([24.73.176.115]) SSLv3 security initiated
11:40:21.514 4 IMAP-007864([24.73.176.115]) TLS-007938(AES256_SHA) connection accepted for 'realpeople.com'
11:40:21.957 2 IMAP-007864([24.73.176.115]) 'gib@realpeople.com' connected(CRAM-MD5) [24.73.176.115]:64925->[24.73.176.117]:993(tls)

How does "resume request has a wrong cipher" point to the source of the problem?  And why does it connect just fine a second later (this time)?  Cheers,
--
Gib

On 7/25/14 10:12 AM, Juergen P. [core] wrote:
try admin --settings -- other --  CBC Ciphers for old TLS  


kr

juergen
On Fri, 25 Jul 2014 10:09:35 -0500
 Gib Henry <gib@realpeople.com> wrote:
        Okay, you want more info.  Server is a Mac mini running 10.9 Mavericks.  This user is an iPhone on wifi (all our iPhones seem to have the problem more often than desktop Macs, but every device encounters the problem to some degree).  I figure we have no more than 30 devices checking email, 100 IMAP channels, 30 reserved for clients, 30 for non-clients, 30 from same address.  Here's another typical time-out log snippet (same user):

   
 01:33:11.818 2 IMAP-007732([108.72.228.172]) 'user@realpeople.com' connected(CRAM-MD5) [108.72.228.172]:60583->[24.73.176.117]:993(tls)(temp client)
 01:33:18.863 2 IMAP-007732([108.72.228.172]) 'user@realpeople.com' disconnected ([108.72.228.172]:60583)
 01:42:57.501 3 IMAP-007686([71.12.181.40]) read failed. Error Code=read time-out
 01:50:50.121 3 IMAP-007709([108.72.228.172]) read failed. Error Code=read time-out
 01:50:50.121 3 IMAP-007708([108.72.228.172]) read failed. Error Code=read time-out
 01:50:50.121 2 IMAP-007709([108.72.228.172]) 'user@realpeople.com' disconnected ([108.72.228.172]:55866)
 01:50:50.121 2 IMAP-007708([108.72.228.172]) 'user@realpeople.com' disconnected ([108.72.228.172]:55862)
 01:50:50.890 3 IMAP-007707([108.72.228.172]) read failed. Error Code=read time-out
 01:50:50.890 2 IMAP-007707([108.72.228.172]) 'user@realpeople.com' disconnected ([108.72.228.172]:55856)
 01:50:50.960 3 IMAP-007710([108.72.228.172]) read failed. Error Code=read time-out
 01:50:50.960 2 IMAP-007710([108.72.228.172]) 'user@realpeople.com' disconnected ([108.72.228.172]:55867)

 What's causing these time-outs and TLS closures???  Cheers,
 --
 Gib Henry
   
 On 7/25/14 6:00 AM, CommuniGate Pro Discussions wrote: 
                                 
 Subject: TLS connection is being closed by peer
 From: Gib Henry <gib@realpeople.com>
 Date: Thu, 24 Jul 2014 14:22:06 -0500
   
   In investigating numerous complaints of IMAP connection failures, we see a lot of events like this:
   
      
 14:11:31.615 2 IMAP-007513([108.72.228.172]) 'user@realpeople.com' connected(CRAM-MD5) [108.72.228.172]:55326->[24.73.176.117]:993(tls)(temp client)
 14:11:33.477 3 IMAP-007510([108.72.228.172]) read failed. Error Code=TLS connection is being closed by peer
 14:11:33.477 2 IMAP-007510([108.72.228.172]) 'user@realpeople.com' disconnected ([108.72.228.172]:55310)

 Eventually, after seconds to hours, the problem user does connect with no configuration changes at either end, so the problem is transient or intermittent.  Can anyone suggest what it might be, or how to make connections more consistent?  Thanks in advance for any insight.  Cheers,
 --
 Gib Henry
       

--
Best Regards

Juergen Paulhart

VoIP / SIP / IM / E-Mail : juergenp@core.at
TEL: +43 676 30 592 44  
VoIP Support:  +43 1 236 46 60 600
***  IT Security, Cloud based Communication Technologies, UC Centrex Solutions and Hosted Unified Communications ***
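
A way to triage logs like the excerpts in this thread, as an added example that is not part of the original messages or of CommuniGate Pro: it tallies `Error Code=` values per client address and flags failed TLS accepts that are followed by an accepted handshake from the same address. The line layout is inferred from the excerpts above; the function names and the 5-second window are assumptions.

```python
import re
from collections import Counter

# Log lines copied from the excerpts quoted in this thread. Timestamps carry
# no date, so feed the functions one day's log at a time.
SAMPLE = """\
11:40:20.507 3 IMAP-007863([24.73.176.115]) failed to accept a secure connection for 'realpeople.com'. Error Code=resume request has a wrong cipher
11:40:21.514 4 IMAP-007864([24.73.176.115]) TLS-007938(AES256_SHA) connection accepted for 'realpeople.com'
14:11:33.477 3 IMAP-007510([108.72.228.172]) read failed. Error Code=TLS connection is being closed by peer
01:50:50.121 3 IMAP-007709([108.72.228.172]) read failed. Error Code=read time-out
01:50:50.121 3 IMAP-007708([108.72.228.172]) read failed. Error Code=read time-out
"""

LINE = re.compile(r"^\s*(\d\d):(\d\d):(\d\d\.\d{3}) (\d) ([A-Z]+-\d+)\(\[([^\]]+)\]\) (.*?)\s*$")
ERROR = re.compile(r"Error Code=(.+)$")

def parse(text):
    """Return (seconds, level, session, peer, message) per recognised line."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:  # skip headers, blank lines, wrapped prose
            hh, mm, ss, level, session, peer, msg = m.groups()
            secs = int(hh) * 3600 + int(mm) * 60 + float(ss)
            events.append((secs, int(level), session, peer, msg))
    return events

def error_counts(events):
    """Count each 'Error Code=' value per peer address."""
    counts = Counter()
    for _, _, _, peer, msg in events:
        m = ERROR.search(msg)
        if m:
            counts[(peer, m.group(1))] += 1
    return counts

def retried_handshakes(events, window=5.0):
    """Pair each failed TLS accept with an accepted handshake from the same
    peer, on another session, at most `window` seconds later."""
    pairs = []
    for t, _, session, peer, msg in events:
        if "failed to accept a secure connection" not in msg:
            continue
        for t2, _, s2, p2, msg2 in events:
            if (p2 == peer and s2 != session and 0 <= t2 - t <= window
                    and "connection accepted" in msg2):
                pairs.append((peer, session, s2, round(t2 - t, 3)))
                break
    return pairs
```

A failed accept with no matching entry in `retried_handshakes` is a client that did not recover on its own within the window, which separates it from the quick retry seen at 11:40:21.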