I don't have an answer but part of your premise confuses me. You said: "He can connect via ... in-home wifi over vpn to office, and shaw open wifi outside". If he can connect on public wifi (Shaw), why does he need a VPN to connect from home? And why did you mention Shaw public wifi specifically? Why not all public wifi?

I'm not an iOS guy at all but I was under the impression that iPhones will not connect without a valid certificate, including situations where a valid certificate's name does not match the domain name. I've commonly seen this in situations where a phone connects to an internal Wifi and the phone does a DNS lookup for an external name, but then ends up hitting an internal IP address with a self-signed internal domain trusted certificate. Since the phone is not domain joined (unlike corporate laptops, for example), it doesn't trust the cert and refuses to connect.

One solution is to manually install the certificate on the iPhone.

That being said, it doesn't match your scenario so I'm not sure this is your problem.

John

On Mon, Mar 7, 2016 at 1:40 PM, Theodore Baschak <theodore@ciscodude.net> wrote:
Not that I'd expect this to be the underlying cause, but have you tried with a valid cert? https://letsencrypt.org/ makes this free for those who dabble in TLS without spending a fortune.


On Mon, Mar 7, 2016 at 12:30 PM, Trevor Cordes <trevor@tecnopolis.ca> wrote:
Brad & I are having a weird problem with his iphone 4S (with the latest
iOS versions).

iphone builtin mail
imaps (port 993)
ssl (self-signed) (old ciphers disabled on server)
dovecot

He can connect to imap with the above config on his in-office wifi,
in-home wifi over vpn to office, and shaw open wifi outside his
office/home network.

If he switches to 3G (I don't think his phone does LTE) then suddenly he
can't connect!  (With some useless "can't connect" error.)

Huh?  Duh?

Exact same setup and settings on an iphone 5 works fine.  Also works fine
on Android.  The problem is just on his 4S.

Even more interesting, if he wifi tethers a PC to his 4S over 3G and hits
imaps using thunderbird on the PC it works fine.

My question is, what on earth does changing the connection layer have
to do with this?  Can the phone be doing something differently in
the mail app depending on 3G or wifi???  Can the 3G network be blocking
something (unlikely since the tethered PC works)?  It makes no sense
whatsoever to me.  Maybe his phone is p0wned?  I'm stumped.  Ideas?
_______________________________________________
Roundtable mailing list
Roundtable@muug.mb.ca
http://www.muug.mb.ca/mailman/listinfo/roundtable


--
John Lange
www.johnlange.ca