#top Useful information


#top Timeout



(See the Timeout section)



#top Load Balancing with HAProxy



More information in the analogous topic: Dovecot behind HAProxy



#top Dovecot behind HAProxy


See also Dovecot behind HAProxy for: HAProxy (HAProxy)

In this configuration HAProxy accepts incoming connections on port 1143 and forwards them to Dovecot on port 10143:

Configuration file /etc/dovecot/conf.d/10-master.conf:
haproxy_trusted_networks = 10.41.0.58/32
haproxy_timeout = 30

service imap-login {
[...]
  inet_listener imap_haproxy {
    port = 10143
    haproxy = yes
  }
[...]
}

For the Dovecot access logs to record the address of the client connecting through the proxy, instead of the address of the proxy server, the above changes to the Dovecot configuration are required.

After logging in over IMAP from the host 10.0.0.3 to the Dovecot server at 10.41.0.58, the logs should contain entries similar to the following:
Log file /var/log/haproxy/haproxy0.log:
Mar 13 23:41:18 localhost.localdomain haproxy-1.8[3670]: ::ffff:10.0.0.3:58083 [13/Mar/2018:23:41:16.013] public_imap bknd_cen060x64_imap/host_cen060x64 1/1/2858 4393 -- 1/1/0/0/0 0/0
Log file /var/log/mail/mail.log:
Mar 13 23:41:16 cen06x64 dovecot: imap-login: Login: user=<admin@cen06x64.xen.wbcd.pl>, method=PLAIN, rip=::ffff:10.0.0.3, lip=::ffff:10.41.0.58, mpid=8423, TLS, session=<uYPe9FJn4+IAAAAAAAAAAAAA//8KAAAD>
Mar 13 23:41:18 cen06x64 dovecot: imap(admin@cen06x64.xen.wbcd.pl): Logged out in=236 out=2493

For comparison, below are the entries that should appear in the logs when HAProxy connects to Dovecot on port 143 (in the Dovecot logs the address of the HAProxy server will appear as the client IP address):
Log file /var/log/haproxy/haproxy0.log:
Mar 13 23:41:26 localhost.localdomain haproxy-1.8[3670]: ::ffff:10.0.0.3:57746 [13/Mar/2018:23:41:23.872] public_imap2 bknd_cen060x64_imap2/host_cen060x64 1/145/2412 4393 -- 1/1/0/0/0 0/0
Log file /var/log/mail/mail.log:
Mar 13 23:41:24 cen06x64 dovecot: imap-login: Login: user=<admin@cen06x64.xen.wbcd.pl>, method=PLAIN, rip=10.41.0.58, lip=10.41.0.58, mpid=8429, TLS, session=<SEJW9VJna+cKKQAj>
Mar 13 23:41:26 cen06x64 dovecot: imap(admin@cen06x64.xen.wbcd.pl): Logged out in=236 out=2493
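
The difference between the two log excerpts above can be checked mechanically. The following Python code is an added example, not part of the original page or of Dovecot: it parses imap-login lines, normalizes IPv4-mapped addresses, and flags logins whose rip is the proxy itself, in which case any per-client control keyed on rip sees only the proxy. PROXY_NETWORKS is assumed to mirror haproxy_trusted_networks, and the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: the same network as haproxy_trusted_networks in 10-master.conf.
PROXY_NETWORKS = [ipaddress.ip_network("10.41.0.58/32")]

# Sample input: the mail.log lines shown on this page (port 10143, then port 143).
SAMPLE_LOG = """\
Mar 13 23:41:16 cen06x64 dovecot: imap-login: Login: user=<admin@cen06x64.xen.wbcd.pl>, method=PLAIN, rip=::ffff:10.0.0.3, lip=::ffff:10.41.0.58, mpid=8423, TLS, session=<uYPe9FJn4+IAAAAAAAAAAAAA//8KAAAD>
Mar 13 23:41:18 cen06x64 dovecot: imap(admin@cen06x64.xen.wbcd.pl): Logged out in=236 out=2493
Mar 13 23:41:24 cen06x64 dovecot: imap-login: Login: user=<admin@cen06x64.xen.wbcd.pl>, method=PLAIN, rip=10.41.0.58, lip=10.41.0.58, mpid=8429, TLS, session=<SEJW9VJna+cKKQAj>
"""

LOGIN_RE = re.compile(
    r"dovecot: (?P<service>[\w-]+-login): Login: user=<(?P<user>[^>]*)>.*?"
    r"\brip=(?P<rip>[0-9A-Fa-f:.]+), lip=(?P<lip>[0-9A-Fa-f:.]+)"
)


def normalize(addr):
    """Return an ip_address object, unwrapping ::ffff:a.b.c.d to a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def audit_logins(log_text, proxy_networks=PROXY_NETWORKS):
    """List login events and mark those where rip is the proxy, not the client."""
    findings = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not a login line (e.g. "Logged out")
        rip = normalize(m["rip"])
        lip = normalize(m["lip"])
        # rip inside the proxy network means the connection arrived without
        # PROXY protocol information, so the real client address is unknown.
        lost = any(rip.version == net.version and rip in net
                   for net in proxy_networks)
        findings.append({
            "service": m["service"],
            "user": m["user"],
            "rip": str(rip),
            "lip": str(lip),
            "client_ip_lost": lost,
        })
    return findings


if __name__ == "__main__":
    for event in audit_logins(SAMPLE_LOG):
        state = "PROXY ADDRESS LOGGED" if event["client_ip_lost"] else "client address logged"
        print(f'{event["user"]} rip={event["rip"]} lip={event["lip"]}: {state}')
```
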



#top TLS SNI



Dovecot documentation: Multiple SSL certificates (Dovecot 1.*) | Multiple SSL certificates (Dovecot 2.*)
Dovecot documentation: TLS SNI (Server Name Indication) support (Dovecot 1.*) | TLS SNI (Server Name Indication) support (Dovecot 2.*)
Dovecot documentation: TLS SNI Client Support (Dovecot 1.*) | TLS SNI Client Support (Dovecot 2.*)
Dovecot 1.*
Multiple SSL certificates

This requires v2.0.

With v1.x you need to use multiple instances with multiple configurations.

Dovecot 2.*
With client TLS SNI (Server Name Indication) support

It is important to note that having multiple SSL certificates per IP will not be compatible with all clients, especially mobile ones. It is a TLS SNI limitation. See SSL/SNIClientSupport for list of clients known to (not) support SNI.

According to the information above, serving multiple certificates with Dovecot 1.* requires running multiple instances of the Dovecot server. TLS SNI support is available in Dovecot from version 2.*.



#top SNI config



EXAMPLES
/etc/dovecot/conf.d/10-ssl.conf
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
#ssl_key = </etc/pki/dovecot/private/dovecot.pem
ssl_cert = </etc/pki/tls/certs/cen06x64.xen.wbcd.pl.pem
ssl_key  = </etc/pki/tls/certs/cen06x64.xen.wbcd.pl.pem
local_name cen06x64a.xen.wbcd.pl {
  ssl_cert = </etc/pki/tls/certs/cen06x64a.xen.wbcd.pl.pem
  ssl_key  = </etc/pki/tls/certs/cen06x64a.xen.wbcd.pl.pem
}
local_name cen06x64b.xen.wbcd.pl {
  ssl_cert = </etc/pki/tls/certs/cen06x64b.xen.wbcd.pl.pem
  ssl_key  = </etc/pki/tls/certs/cen06x64b.xen.wbcd.pl.pem
}
local_name cen06x64c.xen.wbcd.pl {
  ssl_cert = </etc/pki/tls/certs/cen06x64c.xen.wbcd.pl.pem
  ssl_key  = </etc/pki/tls/certs/cen06x64c.xen.wbcd.pl.pem
}



#top SNI check



TLS SNI support in Dovecot was tested with the imapcmds tool using the --SNI option, whose argument was set in turn to each of the domains present in the certificates configured in the local_name blocks that handle SSL connections.

imapcmds --syserrors -w 5 --half-open --SNI=localhost --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: 9E:75:C7:62:18:2D:C1:FE:BD:44:C6:20:42:71:7C:03:13:79:EB:A3:6D:46:61:87:08:76:B2:43:69:E7:6A:D3
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA256
imapcmds: TLS:LAYER: Channel binding 'tls-unique': 3e45b36cea4255ec24bb5d39
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'localhost'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2217 [d] (191571086 [s]))
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 0A
imapcmds: X.509: Signature Algorithm: RSA-SHA1
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Validity: Not Before: 2014/04/04 22:33:09
imapcmds: X.509: Validity: Not After : 2024/04/01 22:33:09
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:FALSE
imapcmds: X.509: Extensions: Key usage: (not critical) Digital signature.
imapcmds: X.509: Extensions: Key usage: (not critical) Key encipherment.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Server.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Client.
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   f319a7e502fc326c5f5d5714015cf52b
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: dd12d6735c1e4c42570f1d58b687457f90403c5e
imapcmds: X.509: Extensions: Other Information: Public Key Id:     f060fc3fc9ff5616ba3f8d81fe279acea3b2ae0a
imap://10.41.0.58:143/ dnsq=0.000, conn=0.001, bann=0.000, starttls=0.001, socktls=0.187, auth=0.000, quit=0.001, comm=0.001, summ=0.492, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: 66:A4:75:8A:CC:84:70:21:08:76:86:7E:29:43:0A:3F:CE:BA:D0:7F:6B:68:29:1B:A0:69:77:DF:A7:BB:20:40
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA256
imapcmds: TLS:LAYER: Channel binding 'tls-unique': 0f574397eeb34c6a8bcd1212
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2217 [d] (191570973 [s]))
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 0A
imapcmds: X.509: Signature Algorithm: RSA-SHA1
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Validity: Not Before: 2014/04/04 22:33:09
imapcmds: X.509: Validity: Not After : 2024/04/01 22:33:09
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:FALSE
imapcmds: X.509: Extensions: Key usage: (not critical) Digital signature.
imapcmds: X.509: Extensions: Key usage: (not critical) Key encipherment.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Server.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Client.
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   f319a7e502fc326c5f5d5714015cf52b
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: dd12d6735c1e4c42570f1d58b687457f90403c5e
imapcmds: X.509: Extensions: Other Information: Public Key Id:     f060fc3fc9ff5616ba3f8d81fe279acea3b2ae0a
imap://10.41.0.58:143/ dnsq=0.000, conn=0.049, bann=0.000, starttls=0.001, socktls=0.184, auth=0.000, quit=0.004, comm=0.001, summ=0.642, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64a.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: 1D:16:AE:B2:A7:24:C8:03:54:C3:1F:38:E1:C2:D9:0D:AA:AA:60:AB:59:DA:89:49:96:AF:7A:08:AE:FC:1B:D2
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA1
imapcmds: TLS:LAYER: Channel binding 'tls-unique': 9861f1a7c2d10bcb26008651
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64a.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:CRIT Validity: Not Before: 2016/10/22 15:19:08
imapcmds: CERT[0]:VERIFY: CERT:DATE:CRIT Validity: Not After : 2017/10/22 15:19:08
imapcmds: CERT[0]:VERIFY: CERT:DATE:CRIT Validity: Cert expired days -136 [d] (11754284 [s]))
imapcmds: CERT[0]:VERIFY: X509v3 Subject Alternative Name: (not critical)
imapcmds: CERT[0]:VERIFY:      DNSname: cen06x64a.xen.wbcd.pl, DNSname: cen06x64a1.xen.wbcd.pl, DNSname: cen06x64a2.xen.wbcd.pl, DNSname: cen06x64a3.xen.wbcd.pl,
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 00:DB:93:CA:57:E4:68:8F:EC
imapcmds: X.509: Signature Algorithm: RSA-SHA256
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64a.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: X.509: Validity: Not Before: 2016/10/22 15:19:08
imapcmds: X.509: Validity: Not After : 2017/10/22 15:19:08
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
imapcmds: X.509: Extensions: Subject Alternative Name: (not critical) DNSname: cen06x64a.xen.wbcd.pl
imapcmds: X.509: Extensions: Subject Alternative Name: (not critical) DNSname: cen06x64a1.xen.wbcd.pl
imapcmds: X.509: Extensions: Subject Alternative Name: (not critical) DNSname: cen06x64a2.xen.wbcd.pl
imapcmds: X.509: Extensions: Subject Alternative Name: (not critical) DNSname: cen06x64a3.xen.wbcd.pl
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:TRUE
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   1a5cce486a4a17011bff569faca1ea92
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: f7c43368b465380de6dce2927aeb8eafdbf8c217
imapcmds: X.509: Extensions: Other Information: Public Key Id:     6c48de9abfe7b2e36010176f97cf7d1fea386058
imap://10.41.0.58:143/ dnsq=0.000, conn=0.001, bann=0.000, starttls=0.001, socktls=0.128, auth=0.000, quit=0.001, comm=0.004, summ=0.540, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64a1.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: E9:F2:44:9B:F5:90:B0:84:9A:33:16:B8:72:60:4B:2C:90:40:93:62:40:5F:82:30:A6:FD:1B:68:99:6F:5A:CA
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA256
imapcmds: TLS:LAYER: Channel binding 'tls-unique': d1d767bf30caf085ab849c4f
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64a1.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2217 [d] (191570940 [s]))
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 0A
imapcmds: X.509: Signature Algorithm: RSA-SHA1
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Validity: Not Before: 2014/04/04 22:33:09
imapcmds: X.509: Validity: Not After : 2024/04/01 22:33:09
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:FALSE
imapcmds: X.509: Extensions: Key usage: (not critical) Digital signature.
imapcmds: X.509: Extensions: Key usage: (not critical) Key encipherment.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Server.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Client.
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   f319a7e502fc326c5f5d5714015cf52b
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: dd12d6735c1e4c42570f1d58b687457f90403c5e
imapcmds: X.509: Extensions: Other Information: Public Key Id:     f060fc3fc9ff5616ba3f8d81fe279acea3b2ae0a
imap://10.41.0.58:143/ dnsq=0.000, conn=0.001, bann=0.000, starttls=0.001, socktls=0.181, auth=0.000, quit=0.002, comm=0.001, summ=0.641, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64a2.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: 43:65:25:BA:0F:F6:05:4C:F9:73:9D:48:54:90:23:4D:25:A9:90:9F:80:F8:AF:2B:0A:A7:15:41:E1:FA:6A:B6
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA256
imapcmds: TLS:LAYER: Channel binding 'tls-unique': dd51f482411920ed81d04b6b
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64a2.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2217 [d] (191570926 [s]))
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 0A
imapcmds: X.509: Signature Algorithm: RSA-SHA1
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Validity: Not Before: 2014/04/04 22:33:09
imapcmds: X.509: Validity: Not After : 2024/04/01 22:33:09
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:FALSE
imapcmds: X.509: Extensions: Key usage: (not critical) Digital signature.
imapcmds: X.509: Extensions: Key usage: (not critical) Key encipherment.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Server.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Client.
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   f319a7e502fc326c5f5d5714015cf52b
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: dd12d6735c1e4c42570f1d58b687457f90403c5e
imapcmds: X.509: Extensions: Other Information: Public Key Id:     f060fc3fc9ff5616ba3f8d81fe279acea3b2ae0a
imap://10.41.0.58:143/ dnsq=0.000, conn=0.001, bann=0.000, starttls=0.001, socktls=0.203, auth=0.000, quit=0.001, comm=0.001, summ=0.592, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64a3.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: D2:44:73:E5:3F:7F:05:A3:79:7E:08:BD:DB:D2:BF:08:5D:AA:07:4B:60:17:C1:55:D7:C6:6E:ED:C0:7F:CF:74
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA256
imapcmds: TLS:LAYER: Channel binding 'tls-unique': 38f57604b5f32be0e01c6de2
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64a3.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2217 [d] (191570912 [s]))
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 0A
imapcmds: X.509: Signature Algorithm: RSA-SHA1
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Validity: Not Before: 2014/04/04 22:33:09
imapcmds: X.509: Validity: Not After : 2024/04/01 22:33:09
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:FALSE
imapcmds: X.509: Extensions: Key usage: (not critical) Digital signature.
imapcmds: X.509: Extensions: Key usage: (not critical) Key encipherment.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Server.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Client.
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   f319a7e502fc326c5f5d5714015cf52b
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: dd12d6735c1e4c42570f1d58b687457f90403c5e
imapcmds: X.509: Extensions: Other Information: Public Key Id:     f060fc3fc9ff5616ba3f8d81fe279acea3b2ae0a
imap://10.41.0.58:143/ dnsq=0.000, conn=0.001, bann=0.000, starttls=0.001, socktls=0.203, auth=0.000, quit=0.001, comm=0.001, summ=0.533, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64b.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: 60:86:3F:D6:DF:AF:A1:04:50:BC:79:B4:B8:4C:25:9B:54:5D:FE:9E:07:9E:47:46:04:9C:9F:12:8A:D1:74:EC
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA1
imapcmds: TLS:LAYER: Channel binding 'tls-unique': b3650d1b99039477cf87187c
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64b.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:CRIT Validity: Not Before: 2016/10/22 15:19:11
imapcmds: CERT[0]:VERIFY: CERT:DATE:CRIT Validity: Not After : 2017/10/22 15:19:11
imapcmds: CERT[0]:VERIFY: CERT:DATE:CRIT Validity: Cert expired days -136 [d] (11754339 [s]))
imapcmds: CERT[0]:VERIFY: X509v3 Subject Alternative Name: (not critical)
imapcmds: CERT[0]:VERIFY:      DNSname: cen06x64b.xen.wbcd.pl, DNSname: cen06x64b1.xen.wbcd.pl, DNSname: cen06x64b2.xen.wbcd.pl, DNSname: cen06x64b3.xen.wbcd.pl,
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 00:82:1E:15:3B:CB:FA:45:6E
imapcmds: X.509: Signature Algorithm: RSA-SHA256
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64b.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: X.509: Validity: Not Before: 2016/10/22 15:19:11
imapcmds: X.509: Validity: Not After : 2017/10/22 15:19:11
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
imapcmds: X.509: Extensions: Subject Alternative Name: (not critical) DNSname: cen06x64b.xen.wbcd.pl
imapcmds: X.509: Extensions: Subject Alternative Name: (not critical) DNSname: cen06x64b1.xen.wbcd.pl
imapcmds: X.509: Extensions: Subject Alternative Name: (not critical) DNSname: cen06x64b2.xen.wbcd.pl
imapcmds: X.509: Extensions: Subject Alternative Name: (not critical) DNSname: cen06x64b3.xen.wbcd.pl
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:TRUE
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   1db22bfd4327c1e1f37c327e9a96c715
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: f161f7706787e83d517333f855e8fd25114f3a52
imapcmds: X.509: Extensions: Other Information: Public Key Id:     3660ac9d4c5a6a61d50b275b3c43edc13b3211c7
imap://10.41.0.58:143/ dnsq=0.000, conn=0.001, bann=0.000, starttls=0.001, socktls=0.226, auth=0.000, quit=0.002, comm=0.001, summ=0.500, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64b1.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: 7A:6A:93:82:8B:FB:91:C5:29:13:6A:A3:1B:6C:32:4F:96:7A:3A:14:A0:64:C4:D0:39:DA:7F:69:ED:A4:4B:3D
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA256
imapcmds: TLS:LAYER: Channel binding 'tls-unique': 3ff2cffca1928c2130e8d121
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64b1.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2217 [d] (191570877 [s]))
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 0A
imapcmds: X.509: Signature Algorithm: RSA-SHA1
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Validity: Not Before: 2014/04/04 22:33:09
imapcmds: X.509: Validity: Not After : 2024/04/01 22:33:09
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:FALSE
imapcmds: X.509: Extensions: Key usage: (not critical) Digital signature.
imapcmds: X.509: Extensions: Key usage: (not critical) Key encipherment.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Server.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Client.
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   f319a7e502fc326c5f5d5714015cf52b
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: dd12d6735c1e4c42570f1d58b687457f90403c5e
imapcmds: X.509: Extensions: Other Information: Public Key Id:     f060fc3fc9ff5616ba3f8d81fe279acea3b2ae0a
imap://10.41.0.58:143/ dnsq=0.000, conn=0.001, bann=0.000, starttls=0.001, socktls=0.186, auth=0.000, quit=0.001, comm=0.001, summ=0.552, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64b2.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: 76:88:A3:C7:A7:81:BB:E4:7E:98:FA:BD:40:F6:A8:57:22:BA:8A:8C:F8:18:8F:19:AC:8A:3A:1C:25:F9:CF:94
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA256
imapcmds: TLS:LAYER: Channel binding 'tls-unique': 508c1955f2e02bf798374820
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64b2.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2217 [d] (191570804 [s]))
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 0A
imapcmds: X.509: Signature Algorithm: RSA-SHA1
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Validity: Not Before: 2014/04/04 22:33:09
imapcmds: X.509: Validity: Not After : 2024/04/01 22:33:09
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:FALSE
imapcmds: X.509: Extensions: Key usage: (not critical) Digital signature.
imapcmds: X.509: Extensions: Key usage: (not critical) Key encipherment.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Server.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Client.
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   f319a7e502fc326c5f5d5714015cf52b
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: dd12d6735c1e4c42570f1d58b687457f90403c5e
imapcmds: X.509: Extensions: Other Information: Public Key Id:     f060fc3fc9ff5616ba3f8d81fe279acea3b2ae0a
imap://10.41.0.58:143/ dnsq=0.000, conn=0.001, bann=0.000, starttls=0.002, socktls=0.188, auth=0.000, quit=0.002, comm=0.001, summ=0.636, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64b3.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: C8:6F:57:DB:A1:E8:8E:2D:2F:97:F1:72:39:84:CE:17:93:78:EE:20:08:27:40:08:87:DD:D6:7D:D4:99:D3:3C
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA256
imapcmds: TLS:LAYER: Channel binding 'tls-unique': fbdf4f990a7f85f93bef16c9
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64b3.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2217 [d] (191570791 [s]))
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 0A
imapcmds: X.509: Signature Algorithm: RSA-SHA1
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Validity: Not Before: 2014/04/04 22:33:09
imapcmds: X.509: Validity: Not After : 2024/04/01 22:33:09
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:FALSE
imapcmds: X.509: Extensions: Key usage: (not critical) Digital signature.
imapcmds: X.509: Extensions: Key usage: (not critical) Key encipherment.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Server.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Client.
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   f319a7e502fc326c5f5d5714015cf52b
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: dd12d6735c1e4c42570f1d58b687457f90403c5e
imapcmds: X.509: Extensions: Other Information: Public Key Id:     f060fc3fc9ff5616ba3f8d81fe279acea3b2ae0a
imap://10.41.0.58:143/ dnsq=0.000, conn=0.001, bann=0.000, starttls=0.002, socktls=0.209, auth=0.000, quit=0.001, comm=0.002, summ=0.537, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64c.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: B1:F5:9B:2C:37:45:BE:46:FA:70:52:A1:CB:46:C1:33:D7:35:F3:19:8D:C2:CC:15:91:F8:B1:C5:8B:B0:BE:A5
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA1
imapcmds: TLS:LAYER: Channel binding 'tls-unique': 0ab33fbfa1d961ae12b3883e
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64c.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:CRIT Validity: Not Before: 2016/10/22 15:19:13
imapcmds: CERT[0]:VERIFY: CERT:DATE:CRIT Validity: Not After : 2017/10/22 15:19:13
imapcmds: CERT[0]:VERIFY: CERT:DATE:CRIT Validity: Cert expired days -136 [d] (11754459 [s]))
imapcmds: CERT[0]:VERIFY: X509v3 Subject Alternative Name: (not critical)
imapcmds: CERT[0]:VERIFY:      DNSname: cen06x64c.xen.wbcd.pl, DNSname: cen06x64c1.xen.wbcd.pl, DNSname: cen06x64c2.xen.wbcd.pl, DNSname: cen06x64c3.xen.wbcd.pl,
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 00:E3:2A:B0:D8:C5:B3:8E:FA
imapcmds: X.509: Signature Algorithm: RSA-SHA256
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: X.509: Validity: Not Before: 2016/10/22 15:19:13
imapcmds: X.509: Validity: Not After : 2017/10/22 15:19:13
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (2048 bits)
imapcmds: X.509: Extensions: Subject Alternative Name: (not critical) DNSname: cen06x64c.xen.wbcd.pl
imapcmds: X.509: Extensions: Subject Alternative Name: (not critical) DNSname: cen06x64c1.xen.wbcd.pl
imapcmds: X.509: Extensions: Subject Alternative Name: (not critical) DNSname: cen06x64c2.xen.wbcd.pl
imapcmds: X.509: Extensions: Subject Alternative Name: (not critical) DNSname: cen06x64c3.xen.wbcd.pl
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:TRUE
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   72db0baf6df9351e770d829a4928f8c7
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: f021c346ede355b729cc4376c013e2c29a10e473
imapcmds: X.509: Extensions: Other Information: Public Key Id:     a1d0f0fe5bb9cff07136e2392c7a601723bfb879
imap://10.41.0.58:143/ dnsq=0.000, conn=0.002, bann=0.000, starttls=0.001, socktls=0.131, auth=0.000, quit=0.001, comm=0.002, summ=0.477, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64c1.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: 39:60:E7:82:85:8F:71:E7:73:E3:3A:B8:8D:8C:6B:36:EE:82:6C:00:72:75:21:17:12:93:7A:30:4D:3D:AD:DF
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA256
imapcmds: TLS:LAYER: Channel binding 'tls-unique': 2b5a35e1a38d8149f7d48293
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64c1.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2217 [d] (191570764 [s]))
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 0A
imapcmds: X.509: Signature Algorithm: RSA-SHA1
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Validity: Not Before: 2014/04/04 22:33:09
imapcmds: X.509: Validity: Not After : 2024/04/01 22:33:09
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:FALSE
imapcmds: X.509: Extensions: Key usage: (not critical) Digital signature.
imapcmds: X.509: Extensions: Key usage: (not critical) Key encipherment.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Server.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Client.
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   f319a7e502fc326c5f5d5714015cf52b
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: dd12d6735c1e4c42570f1d58b687457f90403c5e
imapcmds: X.509: Extensions: Other Information: Public Key Id:     f060fc3fc9ff5616ba3f8d81fe279acea3b2ae0a
imap://10.41.0.58:143/ dnsq=0.000, conn=0.001, bann=0.000, starttls=0.001, socktls=0.199, auth=0.000, quit=0.001, comm=0.001, summ=0.603, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64c2.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: 8B:18:D7:B1:F2:A7:6E:0E:27:EB:15:45:7D:2A:0D:6C:65:E6:55:36:5F:76:A3:54:6F:64:73:BE:74:E5:77:41
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA256
imapcmds: TLS:LAYER: Channel binding 'tls-unique': 492aca1b95978dffca552fbc
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64c2.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2217 [d] (191570751 [s]))
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 0A
imapcmds: X.509: Signature Algorithm: RSA-SHA1
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Validity: Not Before: 2014/04/04 22:33:09
imapcmds: X.509: Validity: Not After : 2024/04/01 22:33:09
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:FALSE
imapcmds: X.509: Extensions: Key usage: (not critical) Digital signature.
imapcmds: X.509: Extensions: Key usage: (not critical) Key encipherment.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Server.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Client.
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   f319a7e502fc326c5f5d5714015cf52b
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: dd12d6735c1e4c42570f1d58b687457f90403c5e
imapcmds: X.509: Extensions: Other Information: Public Key Id:     f060fc3fc9ff5616ba3f8d81fe279acea3b2ae0a
imap://10.41.0.58:143/ dnsq=0.000, conn=0.001, bann=0.000, starttls=0.001, socktls=0.189, auth=0.000, quit=0.001, comm=0.001, summ=0.461, result=0:DONE OK Logout completed.

imapcmds --syserrors -w 5 --half-open --SNI=cen06x64c3.xen.wbcd.pl --ca-file=/etc/pki/tls/certs/ca-bundle.crt --starttls --tlsinfo --certcheck-no --certverify --certinfo noop imap://10.41.0.58:143/

imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: Connecting to 10.41.0.58[10.41.0.58]:143 ... Success
imapcmds: TLS:LAYER: Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)-(AEAD)
imapcmds: TLS:LAYER: Session ID: D5:E1:0A:0E:6A:70:D8:C4:A0:E5:5F:E3:4C:CC:24:01:0C:35:D0:C3:C4:28:5B:2B:67:E7:EA:D5:15:22:B4:F3
imapcmds: TLS:LAYER: Ephemeral EC Diffie-Hellman parameters
imapcmds: TLS:LAYER:  Using curve: SECP384R1
imapcmds: TLS:LAYER:  Curve size: 384 bits
imapcmds: TLS:LAYER: Cipher Suite: ECDHE_RSA_AES_256_GCM_SHA384
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Key Exchange: ECDHE-RSA
imapcmds: TLS:LAYER: Cipher: AES-256-GCM
imapcmds: TLS:LAYER: MAC: AEAD
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA256
imapcmds: TLS:LAYER: Channel binding 'tls-unique': 277a88802c06eaedb6aa1d95
imapcmds: CERT:VERIFY: Peer's certificate issuer is unknown
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64c3.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not Before: 2014/04/04 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Cert expire after 2217 [d] (191570739 [s]))
imapcmds: X.509: Version: 3
imapcmds: X.509: Serial Number (hex): 0A
imapcmds: X.509: Signature Algorithm: RSA-SHA1
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Validity: Not Before: 2014/04/04 22:33:09
imapcmds: X.509: Validity: Not After : 2024/04/01 22:33:09
imapcmds: X.509: Subject Public Key Info: Public Key Algorithm: RSA (4096 bits)
imapcmds: X.509: Extensions: Basic Constraints: (not critical) CA:FALSE
imapcmds: X.509: Extensions: Key usage: (not critical) Digital signature.
imapcmds: X.509: Extensions: Key usage: (not critical) Key encipherment.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Server.
imapcmds: X.509: Extensions: Key purpose OIDs:(not critical) TLS WWW Client.
imapcmds: X.509: Extensions: Other Information: MD5 fingerprint:   f319a7e502fc326c5f5d5714015cf52b
imapcmds: X.509: Extensions: Other Information: SHA-1 fingerprint: dd12d6735c1e4c42570f1d58b687457f90403c5e
imapcmds: X.509: Extensions: Other Information: Public Key Id:     f060fc3fc9ff5616ba3f8d81fe279acea3b2ae0a
imap://10.41.0.58:143/ dnsq=0.000, conn=0.001, bann=0.000, starttls=0.001, socktls=0.261, auth=0.000, quit=0.001, comm=0.002, summ=0.602, result=0:DONE OK Logout completed.



#top Protocol Secure


See also Protocol Secure for: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID
See also Protocol Secure for: ProFTPd | Pure-FTPd | vsftpd | Postfix | Dovecot | OpenLDAP
See also Protocol Secure for: pgpool | PostgreSQL | MySQL | Firebird



#top Remove Service Version Information


See also Remove Service Version Information for: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID
See also Remove Service Version Information for: ProFTPd | Pure-FTPd | vsftpd | Postfix | Dovecot | OpenLDAP
See also Remove Service Version Information for: pgpool | PostgreSQL | MySQL | Firebird

(See the Banner section)



#top Add HTTP Response Headers Security


See also Add HTTP Response Headers Security for: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID
See also Add HTTP Response Headers Security for: ProFTPd | Pure-FTPd | vsftpd | Postfix | Dovecot | OpenLDAP
See also Add HTTP Response Headers Security for: pgpool | PostgreSQL | MySQL | Firebird

Not applicable! The recommended configuration applies to servers that handle the HTTP protocol.



#top TLS Secure


See also TLS Secure for: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID
See also TLS Secure for: ProFTPd | Pure-FTPd | vsftpd | Postfix | Dovecot | OpenLDAP
See also TLS Secure for: pgpool | PostgreSQL | MySQL | Firebird



#top Disable SSLv2/SSLv3 Protocols


See also Disable SSLv2/SSLv3 Protocols for: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID
See also Disable SSLv2/SSLv3 Protocols for: ProFTPd | Pure-FTPd | vsftpd | Postfix | Dovecot | OpenLDAP
See also Disable SSLv2/SSLv3 Protocols for: pgpool | PostgreSQL | MySQL | Firebird

(See the TLS Protocols section)
Resolution for POODLE SSLv3.0 vulnerability (CVE-2014-3566)
Vulnerability Summary for CVE-2014-3566



#top Disable weak Cipher Suites


See also Disable weak Cipher Suites for: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID
See also Disable weak Cipher Suites for: ProFTPd | Pure-FTPd | vsftpd | Postfix | Dovecot | OpenLDAP
See also Disable weak Cipher Suites for: pgpool | PostgreSQL | MySQL | Firebird

(See the TLS CipherSuite section)
MITRE CVE dictionary (CVE-2015-2808)
Vulnerability Summary for CVE-2015-2808
Ivan Ristic Mitigating the BEAST attack on TLS



#top Disable RC4 CipherSuite


See also Disable RC4 CipherSuite for: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID
See also Disable RC4 CipherSuite for: ProFTPd | Pure-FTPd | vsftpd | Postfix | Dovecot | OpenLDAP
See also Disable RC4 CipherSuite for: pgpool | PostgreSQL | MySQL | Firebird

More information in the related topic: Disable weak Cipher Suites



#top Disable Anonymous CipherSuite


See also Disable Anonymous CipherSuite for: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID
See also Disable Anonymous CipherSuite for: ProFTPd | Pure-FTPd | vsftpd | Postfix | Dovecot | OpenLDAP
See also Disable Anonymous CipherSuite for: pgpool | PostgreSQL | MySQL | Firebird

More information in the related topic: Disable weak Cipher Suites



#top Disable SSL Compression


See also Disable SSL Compression for: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID
See also Disable SSL Compression for: ProFTPd | Pure-FTPd | vsftpd | Postfix | Dovecot | OpenLDAP
See also Disable SSL Compression for: pgpool | PostgreSQL | MySQL | Firebird

(See the TLS Compression section)
The CRIME attack uses SSL Compression

Bug 857051 - (CRIME, CVE-2012-4929) CVE-2012-4929 SSL/TLS CRIME attack against HTTPS
The openssl packages in Red Hat Enterprise Linux 5 (starting with RHBA-2009:0181 update released in Red Hat Enterprise Linux 5.3) and 6, and also in Fedora, contain a patch that makes the library check if OPENSSL_NO_DEFAULT_ZLIB environment variable is set (can have arbitrary value, even empty string) and disable the default zlib support.

Setting the OPENSSL_NO_DEFAULT_ZLIB environment variable before starting a client or a server application using OpenSSL can be used to disable zlib compression support and hence mitigate this flaw. For example, httpd with mod_ssl has compression enabled by default in Red Hat Enterprise Linux 5 and 6, and hence it is used when client also supports it. Adding the following line to the /etc/sysconfig/httpd file:

export OPENSSL_NO_DEFAULT_ZLIB=1

and restarting the httpd service disables the use of SSL/TLS compression in mod_ssl and the compression will not be negotiated even when connecting client supports it. Note that this environment variable only affects the use of SSL/TLS protocol compression and does not affect the use of HTTP protocol compression implemented by the mod_deflate module.

CVE-2012-4929 SSL/TLS CRIME attack against HTTPS
The MITRE CVE dictionary describes this issue as:

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

Find out more about CVE-2012-4929 from the MITRE CVE dictionary and NIST NVD.

Vulnerability Summary for CVE-2009-1891
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.



#top Set custom DH parameters


See also Set custom DH parameters for: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID
See also Set custom DH parameters for: ProFTPd | Pure-FTPd | vsftpd | Postfix | Dovecot | OpenLDAP
See also Set custom DH parameters for: pgpool | PostgreSQL | MySQL | Firebird

(See the TLS Cert/Key File section)



#top Avoid certificates with Signature Algorithm: SHA1


See also Avoid certificates with Signature Algorithm: SHA1 for: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID
See also Avoid certificates with Signature Algorithm: SHA1 for: ProFTPd | Pure-FTPd | vsftpd | Postfix | Dovecot | OpenLDAP
See also Avoid certificates with Signature Algorithm: SHA1 for: pgpool | PostgreSQL | MySQL | Firebird

Mozilla plans to phase out support of SHA-1 hash algorithm
After Jan. 1, 2016, Firefox will present an "Untrusted Connection" error when a newly issued SHA-1 certificate is encountered, and after Jan. 1, 2017, Firefox will present an "Untrusted Connection" error whenever a SHA-1 certificate is encountered at all, according to a Tuesday post.

SHA-1 has been around for nearly two decades, and in recent years researchers have demonstrated SHA-1 mathematical weaknesses that could be exploited given enough time and computing power, Richard Barnes, engineering manager, cryptography and PKI, with Mozilla, told SCMagazine.com in a Wednesday email correspondence.

Mozilla Security Blog
Many of the certificates used by secure websites today are signed using algorithms based on a hash algorithm called SHA-1. The integrity of the hash algorithm used in signing a certificate is a critical element in the security of the certificate. Weaknesses in hash algorithms can lead to situations in which attackers can obtain fraudulent certificates. Mozilla, along with other browser vendors, is working on a plan to phase out support for the SHA-1 hash algorithm.

SHA-1 is nearly twenty years old, and is beginning to show its age. In the last few years, collision attacks undermining some properties of SHA-1 have been getting close to being practical. Collision attacks against the older MD5 hash algorithm have been used to obtain fraudulent certificates, so the improving feasibility of collision attacks against SHA-1 is concerning. In order to avoid the need for a rapid transition should a critical attack against SHA-1 be discovered, we are proactively phasing out SHA-1.
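The imapcmds transcripts earlier on this page already carry the evidence for several items in this checklist: TLS compression (Disable SSL Compression), SHA-1 signatures (this section), and untrusted, expired or mismatched certificates. The following added example, which is not part of the original page or of imapcmds, parses that output format and lists the findings per probe; the function names and finding labels are assumptions made for the illustration, and the sample is two probes abridged from the transcript above.

```python
import re

# One imapcmds output line has the shape "imapcmds: <LAYER>: <text>".
LINE = re.compile(r"^imapcmds: (TLS:LAYER|CERT(?:\[\d+\])?:VERIFY|X\.509):\s*(.*)$")
HOSTNAME = re.compile(r"The hostname in the certificate (does NOT match|match) '([^']+)'")
WEAK_HASHES = {"SHA1", "MD5"}

# Sample input: two probes abridged from the transcript on this page.
SAMPLE = r"""imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA256
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate does NOT match 'cen06x64b1.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: CERT:DATE:OK   Validity: Not After : 2024/04/01 22:33:09
imapcmds: X.509: Signature Algorithm: RSA-SHA1
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=Webbot Certification Authority,EMAIL=ssl@wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,O=Webbot\, Inc.,OU=Webbot Trust Network,CN=cen06x64.xen.wbcd.pl,EMAIL=ssl@wbcd.pl
imapcmds: Resolving 10.41.0.58 ... 10.41.0.58 Success
imapcmds: TLS:LAYER: Version: TLS1.2
imapcmds: TLS:LAYER: Compression: NULL
imapcmds: TLS:LAYER: Server Signature: RSA-SHA1
imapcmds: CERT:VERIFY: Peer's certificate is NOT trusted
imapcmds: CERT[0]:VERIFY: The hostname in the certificate match 'cen06x64c.xen.wbcd.pl'
imapcmds: CERT[0]:VERIFY: CERT:DATE:CRIT Validity: Not After : 2017/10/22 15:19:13
imapcmds: X.509: Signature Algorithm: RSA-SHA256
imapcmds: X.509: Issuer : C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
imapcmds: X.509: Subject: C=PL,ST=Mazowieckie,L=Warszawa,O=Webbot\, Inc,OU=Webbot Trust Netowrk,CN=cen06x64c.xen.wbcd.pl,EMAIL=ssl@cen06x64.xen.wbcd.pl
"""


def split_probes(transcript):
    """Return one list of output lines per probe; a probe starts at 'Resolving'."""
    probes, current = [], None
    for line in transcript.splitlines():
        if line.startswith("imapcmds: Resolving"):
            current = []
            probes.append(current)
        if current is not None and line.startswith("imapcmds: "):
            current.append(line)
    return probes


def weak_hash(algorithm):
    """True for names such as RSA-SHA1 whose hash part is SHA1 or MD5."""
    return algorithm.strip().rsplit("-", 1)[-1].upper() in WEAK_HASHES


def audit_probe(lines):
    """Return (requested hostname or None, sorted list of finding labels)."""
    findings, name, issuer, subject = set(), None, None, None
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        layer, text = m.groups()
        key, _, value = text.partition(":")
        key, value = key.strip(), value.strip()
        if layer == "TLS:LAYER":
            # Anything other than NULL means TLS-level compression was negotiated.
            if key == "Compression" and value != "NULL":
                findings.add("tls-compression-enabled")
            elif key == "Server Signature" and weak_hash(value):
                findings.add("weak-handshake-signature")
        elif layer == "X.509":
            if key == "Signature Algorithm" and weak_hash(value):
                findings.add("weak-cert-signature")
            elif key == "Issuer":
                issuer = value
            elif key == "Subject":
                subject = value
        else:  # CERT:VERIFY and CERT[n]:VERIFY lines
            if "is NOT trusted" in text:
                findings.add("untrusted-chain")
            if text.startswith("CERT:DATE:CRIT"):
                findings.add("cert-date-invalid")
            host = HOSTNAME.search(text)
            if host:
                name = host.group(2)
                if host.group(1) != "match":
                    findings.add("hostname-mismatch")
    if issuer is not None and issuer == subject:
        findings.add("self-signed")
    return name, sorted(findings)


def audit(transcript):
    """Audit every probe found in a transcript."""
    return [audit_probe(probe) for probe in split_probes(transcript)]


if __name__ == "__main__":
    for hostname, found in audit(SAMPLE):
        print(hostname, ", ".join(found) or "no findings")
```
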



#top mail_uid,mail_gid


The mail_uid and mail_gid configuration options set the uid and gid of the system user whose privileges are used for operations on the mailbox and the messages in it. The first_valid_uid and first_valid_gid options set the first valid uid and gid of a system user that may be used as the user and group identifier. By default first_valid_gid is not restrictive and allows any gid to be used as the system user's group identifier. By default first_valid_uid is somewhat more restrictive and does not allow a system user uid below 500, which can result in the following message in the mail server logs:

Couldn't drop privileges: Mail access for users with UID 450 not permitted (see first_valid_uid in config file)

As the message says, check the first_valid_uid setting. The default value #first_valid_uid = 500 does not allow mail_uid values lower than 500, so, depending on the Dovecot version, set first_valid_uid in the appropriate file to the lowest value used as a uid.
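The check described above can be run against a configuration before Dovecot is restarted. This is an added example, not code from the original page or from Dovecot: it reads top-level `key = value` settings from configuration text, applies the defaults quoted on this page (first_valid_uid = 500, last_valid_uid = 0, where 0 means no upper limit) and reports whether mail_uid would be rejected. The function names and the optional `passwd` name-to-uid mapping are assumptions, and the sample configurations are constructed.

```python
# Defaults as shown in the commented-out lines of the configuration on this page.
DEFAULTS = {"first_valid_uid": "500", "last_valid_uid": "0"}


def parse_settings(conf_text):
    """Collect top-level 'key = value' settings; comments and { } blocks are skipped."""
    settings = dict(DEFAULTS)
    depth = 0
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
            continue
        if line == "}":
            depth = max(depth - 1, 0)
            continue
        if depth == 0 and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings[key] = value  # a later assignment overrides an earlier one
    return settings


def check_mail_uid(conf_text, passwd=None):
    """Return (allowed, message) for the mail_uid configured in conf_text.

    passwd is an optional {name: uid} mapping used when mail_uid is a user
    name rather than a number (hypothetical helper input for this example).
    """
    settings = parse_settings(conf_text)
    field = settings.get("mail_uid", "")
    if not field:
        return True, "mail_uid is not set; the uid must come from userdb"
    if field.isdigit():
        uid = int(field)
    elif passwd and field in passwd:
        uid = passwd[field]
    else:
        return False, "cannot resolve mail_uid '%s' to a numeric uid" % field
    first = int(settings["first_valid_uid"])
    last = int(settings["last_valid_uid"])
    if uid < first or (last != 0 and uid > last):
        return False, ("Mail access for users with UID %d not permitted "
                       "(see first_valid_uid in config file)" % uid)
    return True, "UID %d is inside the valid range" % uid


# Constructed sample: mail_uid lowered to 450 while first_valid_uid keeps its default.
BROKEN = """
#mail_uid =
mail_uid = 450
mail_gid = 450
#first_valid_uid = 500
#last_valid_uid = 0
"""

# Constructed sample: the same settings with first_valid_uid lowered as well.
FIXED = BROKEN + "first_valid_uid = 450\n"

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_mail_uid(conf))
```
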



#top dovecot 1.* (CentOS 5.*)


In Dovecot 1.* (CentOS 5.*) these options are in the file /etc/dovecot.conf:

# System user and group used to access mails. If you use multiple, userdb
# can override these by returning uid or gid fields. You can use either numbers
# or names. <doc/wiki/UserIds.txt>
#mail_uid =
#mail_gid =
mail_uid = 450
mail_gid = 450

# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
#first_valid_uid = 500
#last_valid_uid = 0
first_valid_uid = 450

# Valid GID range for users, defaults to non-root/wheel. Users having
# non-valid GID as primary group ID aren't allowed to log in. If user
# belongs to supplementary groups with non-valid GIDs, those groups are
# not set.
#first_valid_gid = 1
#last_valid_gid = 0



#top dovecot 2.* (CentOS 6.*)


In Dovecot 2.* (CentOS 6.*) these options are in the file /etc/dovecot/conf.d/10-mail.conf:

# System user and group used to access mails. If you use multiple, userdb
# can override these by returning uid or gid fields. You can use either numbers
# or names. <doc/wiki/UserIds.txt>
#mail_uid =
#mail_gid =
mail_uid = 450
mail_gid = 450

# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
#first_valid_uid = 500
#last_valid_uid = 0
first_valid_uid = 450

# Valid GID range for users, defaults to non-root/wheel. Users having
# non-valid GID as primary group ID aren't allowed to log in. If user
# belongs to supplementary groups with non-valid GIDs, those groups are
# not set.
#first_valid_gid = 1
#last_valid_gid = 0




Last modified: 2018/04/11 23:28:37 (6 years ago), textsize: 81.6 kB, htmlsize: 102 kB
