Trying to explain mutt+ssl to myself :(
Hi all,
I have recently migrated my mail from courier-imap to dovecot.
In doing so, I finally configured mutt to connect to imaps (SSL).
In the end I got it all working. I then sat back and thought:
"I kinda don't understand the SSL/TLS part even though it works".
And I hate setting stuff up and not truly understanding the
mechanics of it.
So I started to write about it and am stuck. Can those that
_understand_ mutt+ssl have a read of what I wrote to myself and
give me your $00.02 worth (corrections etc).
Trying to explain mutt+ssl and getting it all wrong
---------------------------------------------------
* mutt (with openssl support built in) initiates with an "SSL-Client-Hello"
  to SSL on port 993, i.e. mutt's capabilities (algorithms, SSL version etc).
* dovecot:993 compares mutt's CipherSuites with its own. Of the
  CipherSuites mutt and dovecot have in common, dovecot:993 chooses
  the _most_ secure algorithm.
* dovecot:993 will then tell mutt what it has decided to use and assigns a
  unique session ID. From now on all communication is via this ID.
* Now that the CipherSuite is set between mutt and dovecot, dovecot sends
  its SSL certificate to mutt [/usr/local/share/dovecot/certs/dovecot.pem].
  mutt then uses dovecot's corresponding public key
  [/usr/local/share/dovecot/private/dovecot.pem]
  to verify that the certificate is authentic.
* once mutt has verified that the certificate is authentic
  ... and here I got unstuck.
Cheers
-aW
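As an added example (not from the original message, and not mutt's or dovecot's own code), here is the same handshake run against a throwaway TLS server on localhost: it shows which side holds the private key, that the client only ever receives the certificate, and how the client's verification behaves without and then with a trust anchor. It assumes Python 3.7+ and an `openssl` command on the PATH; the port, file names and IMAP greeting are constructed for the demo.

```python
"""Local TLS handshake demo (added example; names, paths and greeting are constructed)."""
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(dirname):
    """Create a throwaway key + certificate with the openssl CLI (assumed installed)."""
    key, cert = os.path.join(dirname, "key.pem"), os.path.join(dirname, "cert.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-keyout", key, "-out", cert, "-days", "1", "-subj", "/CN=localhost",
                    "-addext", "subjectAltName=DNS:localhost"], check=True, capture_output=True)
    return key, cert

def serve_once(cert, key, listener):
    """Server side: only the server holds the private key; the client gets the certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)  # private key never leaves this process
    conn, _ = listener.accept()
    try:
        with ctx.wrap_socket(conn, server_side=True) as tls:
            tls.sendall(b"* OK constructed IMAPS greeting\r\n")
    except OSError:
        pass  # a client that rejects the certificate aborts the handshake; expected
    finally:
        conn.close()

def connect(port, cafile=None):
    """Client side: returns the negotiated version/cipher, or the verification failure."""
    ctx = ssl.create_default_context(cafile=cafile)  # verification is on by default
    try:
        with socket.create_connection(("127.0.0.1", port)) as raw, \
             ctx.wrap_socket(raw, server_hostname="localhost") as tls:
            return {"ok": True, "version": tls.version(),
                    "cipher": tls.cipher()[0], "greeting": tls.recv(64)}
    except ssl.SSLCertVerificationError as e:
        return {"ok": False, "error": e.reason}

def run_demo():
    """First attempt: no trust anchor, so the self-signed cert is rejected.
    Second attempt: the server's certificate is loaded as the trust anchor, so it verifies."""
    with tempfile.TemporaryDirectory() as d:
        key, cert = make_self_signed(d)
        listener = socket.socket()
        listener.bind(("127.0.0.1", 0)); listener.listen(2)
        port = listener.getsockname()[1]
        results = []
        for cafile in (None, cert):
            t = threading.Thread(target=serve_once, args=(cert, key, listener)); t.start()
            results.append(connect(port, cafile)); t.join()
        listener.close()
        return results

if __name__ == "__main__":
    for r in run_demo():
        print(r)
```

The second result reports the protocol version and cipher suite the two sides actually agreed on, which is the same information a client such as mutt decides on during its handshake with dovecot.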