I use dovecot on several servers. One of them uses a self-signed cert, it's just me. It worked fine until yesterday when I upgraded my desktop (NOT the server) to CentOS 7.4 Now thunderbird complains when it starts up, and won't let me confirm the security exception. On the server the following error occurs in the log: Sep 25 20:17:49 librelamp dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=2600:1010:b064:f260:e83e:562d:2316:18df, lip=2600:3c01::f03c:91ff:fee4:310c, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48, session=<u7agQAlasK8mABAQsGTyYOg+Vi0jFhjf> I believe this is a client issue, as it worked just fine in CentOS 7.3 client, but I am hoping this has been seen and fixed before.
It does look like a client issue. Do you also have some kind of AV running? There are some AV software that can sometimes interfere with mail sessions. See if you might be running into a similar situation: https://support.mozilla.org/en-US/questions/1066126 Cheers, -- TC On 9/25/17 1:27 PM, Michael A. Peters wrote:> I use dovecot on several servers. One of them uses a self-signed cert, > it's just me. > > It worked fine until yesterday when I upgraded my desktop (NOT the > server) to CentOS 7.4 > > Now thunderbird complains when it starts up, and won't let me confirm > the security exception. > > On the server the following error occurs in the log: > > Sep 25 20:17:49 librelamp dovecot: imap-login: Disconnected (no auth > attempts in 1 secs): user=<>, > rip=2600:1010:b064:f260:e83e:562d:2316:18df, > lip=2600:3c01::f03c:91ff:fee4:310c, TLS handshaking: SSL_accept() > failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > unknown ca: SSL alert number 48, > session=<u7agQAlasK8mABAQsGTyYOg+Vi0jFhjf> > > I believe this is a client issue, as it worked just fine in CentOS 7.3 > client, but I am hoping this has been seen and fixed before.
I'm not running any A/V software, and the same version of dovecot on servers with CA signed certs (komodo) - the client connects to them just fine. On 09/25/2017 01:40 PM, Tony wrote:> It does look like a client issue. Do you also have some kind of AV > running? There are some AV software that can sometimes interfere with > mail sessions. See if you might be running into a similar situation: > https://support.mozilla.org/en-US/questions/1066126 > > Cheers, > -- > TC > > On 9/25/17 1:27 PM, Michael A. Peters wrote: >> I use dovecot on several servers. One of them uses a self-signed cert, >> it's just me. >> >> It worked fine until yesterday when I upgraded my desktop (NOT the >> server) to CentOS 7.4 >> >> Now thunderbird complains when it starts up, and won't let me confirm >> the security exception. >> >> On the server the following error occurs in the log: >> >> Sep 25 20:17:49 librelamp dovecot: imap-login: Disconnected (no auth >> attempts in 1 secs): user=<>, >> rip=2600:1010:b064:f260:e83e:562d:2316:18df, >> lip=2600:3c01::f03c:91ff:fee4:310c, TLS handshaking: SSL_accept() >> failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert >> unknown ca: SSL alert number 48, >> session=<u7agQAlasK8mABAQsGTyYOg+Vi0jFhjf> >> >> I believe this is a client issue, as it worked just fine in CentOS 7.3 >> client, but I am hoping this has been seen and fixed before.