Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

TLS connection error to IMAP server

See original GitHub issue

I’m having a similar issue that this person https://github.com/mscdex/node-imap/issues/308 was having.

I’m attempting to connect to a Microsoft Exchange server on port 143 with TLS enabled. However, I get this error: [connection] Error: Error: 140217773680416:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:794

I am able to connect to the server using this openssl command: openssl s_client -starttls imap -msg -crlf -connect mail.example.com:143 I can issue IMAP commands and such.

Here is the wireshark output. I think I’ve edited it down to the essential bits. Let me know if anything is missing.

Running my script, openssl s_client, shows this traffic:

125 10.112214120 10.211.8.68 10.213.1.50 TCP 74 51604 > imap [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=223285813 TSecr=0 WS=128 137 10.354945030 10.213.1.50 10.211.8.68 IMAP 87 Response: . OK Begin TLS negotiation now. 129 10.173136966 10.211.8.68 10.213.1.50 TCP 54 51604 > imap [ACK] Seq=1 Ack=1 Win=14720 Len=0 130 10.235681879 10.213.1.50 10.211.8.68 IMAP 107 Response: * OK The Microsoft Exchange IMAP4 service is ready. 131 10.235751655 10.211.8.68 10.213.1.50 TCP 54 51604 > imap [ACK] Seq=1 Ack=54 Win=14720 Len=0 132 10.235811689 10.211.8.68 10.213.1.50 IMAP 68 Request: . CAPABILITY 134 10.289300937 10.213.1.50 10.211.8.68 TCP 60 imap > 51604 [ACK] Seq=54 Ack=15 Win=5840 Len=0 135 10.290101246 10.213.1.50 10.211.8.68 IMAP 176 Response: * CAPABILITY IMAP4 IMAP4rev1 LOGINDISABLED STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+ 136 10.292096022 10.211.8.68 10.213.1.50 IMAP 66 Request: . STARTTLS 137 10.354945030 10.213.1.50 10.211.8.68 IMAP 87 Response: . OK Begin TLS negotiation now. 144 10.357182000 10.211.8.68 10.213.1.50 IMAP 303 Request: \026\003\001\000\364\001\000\000\360\003\003Vx7\237\241\320\225R\276\323JW1\300$*\375\2452]\020\037F\036t\234\201N\317\343c\356\000\000\204\3000\300,\300(\300$\300\024\300 146 10.460483471 10.213.1.50 10.211.8.68 IMAP 1514 Response: \026\003\001\f\272\002\000\000M\003\001Vx7\237\331Ys\323\307j\354\221\333\271E\253\356M\211(\260\037\v\276

Running my node imap_test script, this is the traffic seen:

22 1.344665081 10.211.8.68 10.213.1.50 TCP 74 51609 > imap [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=224396278 TSecr=0 WS=128 23 1.408205948 10.213.1.50 10.211.8.68 TCP 66 imap > 51609 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1350 SACK_PERM=1 WS=2 24 1.408253374 10.211.8.68 10.213.1.50 TCP 54 51609 > imap [ACK] Seq=1 Ack=1 Win=14720 Len=0 25 1.417443826 10.211.8.68 10.213.1.50 IMAP 316 Request: \026\003\001\001\001\001\000\000\375\003\003\350\324\005\242\352\310h\232GM\255\222\323M\030\301\331A\204\3576\240U\244y.\311\312\352\243\333\016\000\000\200\300/\300+\3000\300,\000\236\300’\000g\300(\000k\300$\300\024\300 27 1.592759547 10.213.1.50 10.211.8.68 TCP 60 imap > 51609 [ACK] Seq=1 Ack=263 Win=6912 Len=0 28 1.593253915 10.213.1.50 10.211.8.68 IMAP 107 Response: * OK The Microsoft Exchange IMAP4 service is ready. 29 1.593275850 10.211.8.68 10.213.1.50 TCP 54 51609 > imap [ACK] Seq=263 Ack=54 Win=14720 Len=0

It looks like the STARTTLS negotiation is happening out of order. Any help is greatly appreciated.

Issue Analytics

State:
Created 8 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

1reaction

mscdexcommented, Dec 21, 2015

It looks like you are using tls: true, but for STARTTLS you should be using tls: false, autotls: 'required' . Setting tls: true performs an implicit TLS session.

0reactions

jarodmcommented, Dec 21, 2015

Great! Thank you for your help.