Page MenuHomePhorge
Create Task
Maniphest T492

Configure Roundcube to accept self-signed certs by default (IMAP/SMTP)
Closed, ResolvedPublic1 Story Points
Actions

Description

Recent versions of PHP (namely 5.6 and thereafter) have changed the default options used against the OpenSSL libraries, such that self-signed certificates are no longer considered valid by default and SSL and TLS connections using self-signed certificates will fail.

Kolab sets up the system with Cyrus IMAP and Postfix both using self-signed certificates which are not made a part of any system-wide CA bundle, causing a default installation to not have a functional webclient.

The solution is to configure:

$config['imap_conn_options'] = array(
        'ssl' => array(
            'verify_peer'       => true,
            'allow_self_signed' => true,
            'peer_name'         => 'localhost',
            'ciphers'           => 'TLSv1+HIGH:!aNull:@STRENGTH',
            'cafile'            => '/etc/pki/cyrus-imapd/cyrus-imapd.pem',
        ),
    );

$config['smtp_conn_options'] = array(
        'ssl' => array(
            'verify_peer'       => true,
            'allow_self_signed' => true,
            'peer_name'         => 'localhost',
            'ciphers'           => 'TLSv1+HIGH:!aNull:@STRENGTH',
            'cafile'            => '/etc/pki/tls/private/localhost.pem',
        ),
    );

Adjusted where necessary for specific deployment options (including `s/ssl/tls/'?).

Details

Ticket Type
Task

Event Timeline

vanmeeuwen created this task.Jun 17 2015, 11:36 AM
vanmeeuwen raised the priority of this task from to 60.
vanmeeuwen updated the task description. (Show Details)
vanmeeuwen added projects: PyKolab, Product Owners.
vanmeeuwen changed Ticket Type from Task to Task.
vanmeeuwen subscribed.
machniak subscribed.Jun 17 2015, 11:58 AM

There's also managesieve_conn_options which need to be set or the code should be changed to fallback to imap_conn_options if not set?

grote moved this task from Incoming to Ready for Sprint on the Product Owners board.Jun 24 2015, 2:53 PM
grote added a project: Restricted Project.Jul 1 2015, 2:17 PM
grote moved this task from Ready for Sprint to In Sprint on the Product Owners board.
vanmeeuwen edited a custom field.Jul 3 2015, 3:54 PM
grote moved this task from In Sprint to Ready for Sprint on the Product Owners board.Jul 29 2015, 2:21 PM
vanmeeuwen closed this task as Resolved.Aug 17 2015, 11:24 AM
vanmeeuwen claimed this task.
vanmeeuwen added a project: Restricted Project.

Included in pykolab-0.7.15.

vanmeeuwen moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Aug 17 2015, 11:24 AM