All About Symbian - Nokia (S60) and Sony Ericsson (UIQ) smartphones unwrapped

  #16  
Old 15-02-2003, 09:07 PM
Guest
 
Posts: n/a
hiya

send me the command line call of delegated you are using

also, what type of certs are you using, self signed through openssl, etc?

try setting up an HTTPS proxy with delegate on your box to your HTTPS server (if you have one) and see if that works..

strange that you aren't getting a cert message on your client.

and yes, couldn't agree with you more on SE's choice here to use starttls.. very stupid. while i like open standards (which is what this is versus 993), the reality is nobody, and most importantly, microsoft, is using it yet.

btw, does your secure password authentication button ever allow to be picked? I'd like to do ntlm authentication if at all possible.. but the check box never allows me to select it.

rob

  #17  
Old 05-03-2003, 12:14 PM
Guest
 
Posts: n/a
STARTTLS/STLS is the Good Way of doing this.

I have no problems with IMAP/POP3 or SMTP using STARTTLS/STLS - there are plenty of daemons which support it, PINE's IMAPd and POP3d support it and there's Qpopper etc.

The extremely annoying bug in the P800 is when you try to use authenticated SMTP with TLS - it just doesn't like it, it does the TLS stage and then doesn't try to authenticate.

  #18  
Old 05-03-2003, 12:31 PM
lcs
Registered User
 
Join Date: Dec 2002
Posts: 2
Quote:
Originally Posted by Anonymous
STARTTLS/STLS is the Good Way of doing this.

I have no problems with IMAP/POP3 or SMTP using STARTTLS/STLS - there are plenty of daemons which support it, PINE's IMAPd and POP3d support it and there's Qpopper etc.

By using a different port (993) you can block the insecure port 143. Using STARTTLS, you have to keep 143 open, which in turn means people may accidentally connect unencrypted and thus send their password in clear text.

  #19  
Old 08-03-2003, 08:32 PM
Guest
 
Posts: n/a
Get a different IMAPd ...

I can certainly disable non-TLS, and probably disable it based on specific ACLs.

  #20  
Old 25-06-2003, 09:44 PM
Guest
 
Posts: n/a
Quote:
Originally Posted by lcs
By using a different port (993) you can block the insecure port 143. Using STARTTLS, you have to keep 143 open, which in turn means people may accidentally connect unencrypted and thus send their password in clear text.

The P800 IMAP client supports RFC2595 for secure IMAP connections; as pointed out, the client makes a connection in the clear to the specified port, usually 143. However, an IMAP server that conforms to the RFC should support LOGINDISABLED; this means that a client has to first set up a secure connection using STARTTLS before passing any LOGIN information, which otherwise could be seen sent over an unencrypted connection.

Example:
C: a001 CAPABILITY
S: * CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED
S: a001 OK CAPABILITY completed
C: a002 STARTTLS
S: a002 OK Begin TLS negotiation now
<TLS negotiation, further commands are under TLS layer>
C: a003 CAPABILITY
S: * CAPABILITY IMAP4rev1 AUTH=EXTERNAL
S: a003 OK CAPABILITY completed
C: a004 LOGIN joe password
S: a004 OK LOGIN completed

The current UW IMAPD supports this and works well.

The only annoying thing, as pointed out by another poster, is the SMTP/S connections that correctly use STARTTLS but then don't perform an SMTP AUTH.

I had some Symbian folks check this out with access to the P800 code and it is indeed a bug :cry:

HTH

Michael

  #21  
Old 23-07-2003, 03:45 AM
Guest
 
Posts: n/a
SMTP/IMAP

I've been hacking on this all day, so I'll just add another confirmation on the behavior some are seeing:

IMAP:
If you set it to secure mode, regardless of what port number you enter, what it's looking for is STARTTLS-based encryption, *not* the wrapper-mode encryption that is often found on port 993. UW-IMAP compiled with SSL support (I'm using version 2002d) listening on port 143 supports this correctly. There's some settings (read the docs) at compile time where you can force uw-imap to only accept passwords over SSL, which essentially means the connection is required to start up with a STARTTLS, so that nobody goes and accidentally starts sending plaintext over your port 143 by misconfiguring their client. Other than the little annoyances others noted (like not syncing up on read/unread status, and only supporting the INBOX folder and nothing else), it works well for me. It properly deletes messages off of the remote server and all.

SMTP:
Again, for encryption to work it has to be STARTTLS, not wrapper mode as was sometimes found on port 465 (ssmtp service). I can get a STARTTLS mode connection to my smtp server (postfix 2.x + ssl + sasl2) just fine, but it doesn't even try to do the authentication I asked it to. Since my mail server isn't an open relay, without auth I can't very well send emails from my phone. Since I'm authenticating against PAM (which is against my md5s in /etc/shadow), I can't use a non-cleartext auth scheme like CRAM-MD5 either, so I can't very well do AUTH without TLS, so I'm not even about to try that as a workaround and have some scummy telco employee take my password with a sniffer.

Has anyone seen smtp TLS+AUTH work right in any situation? Is the bug universal or only limited to some firmware revs?
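
Added example, not part of any post in this thread: a Python audit of the RFC 2595 behaviour described in posts #20 and #21. It reads a C:/S: transcript from the cleartext port and reports a server that does not advertise STARTTLS or LOGINDISABLED before TLS, and a client that sends its password before STARTTLS has succeeded. The function name and the second transcript are constructed for illustration.

```python
# Added example (not from the thread): audit a C:/S: IMAP transcript taken on
# the cleartext port for credentials that travel before STARTTLS completes.
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself

def audit_imap_session(transcript):
    """Return a list of findings; an empty list means no cleartext exposure."""
    findings = []
    tls_active = False
    starttls_tag = None  # tag of a STARTTLS command still awaiting its reply
    for raw in transcript.splitlines():
        side, sep, rest = raw.strip().partition(": ")
        words = rest.split()
        if not sep or side not in ("C", "S") or len(words) < 2:
            continue  # blank lines and the <TLS negotiation ...> marker
        tag, verb = words[0], words[1].upper()
        args = [w.upper() for w in words[2:]]
        if side == "S" and tag == "*" and verb == "CAPABILITY":
            if not tls_active:
                for needed in ("STARTTLS", "LOGINDISABLED"):
                    if needed not in args:
                        findings.append(f"server: {needed} not advertised before TLS")
        elif side == "S" and tag == starttls_tag:
            tls_active = verb == "OK"  # NO/BAD leaves the session in cleartext
            starttls_tag = None
        elif side == "C" and verb == "STARTTLS":
            starttls_tag = tag
        elif side == "C" and not tls_active:
            plain_sasl = verb == "AUTHENTICATE" and args[:1] and args[0] in PLAINTEXT_SASL
            if verb == "LOGIN" or plain_sasl:
                findings.append(f"client: {tag} {verb} sent in cleartext")
    return findings

# The session quoted in post #20.
RFC2595_SESSION = """
C: a001 CAPABILITY
S: * CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED
S: a001 OK CAPABILITY completed
C: a002 STARTTLS
S: a002 OK Begin TLS negotiation now
<TLS negotiation, further commands are under TLS layer>
C: a003 CAPABILITY
S: * CAPABILITY IMAP4rev1 AUTH=EXTERNAL
S: a003 OK CAPABILITY completed
C: a004 LOGIN joe password
S: a004 OK LOGIN completed
"""
# Constructed sample: STARTTLS offered, LOGINDISABLED missing, client skips TLS.
WEAK_SESSION = "C: a001 CAPABILITY\nS: * CAPABILITY IMAP4rev1 STARTTLS\nC: a002 LOGIN joe password"
```

A STARTTLS that the server answers with NO or BAD leaves `tls_active` false, so a LOGIN that follows it is still reported.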