hello, and some update short version: the error is still there, but I have some more data to share, thanks in advance for further advice first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is not an obsolete version. second... at the moment I can send email through postfix on the same server, with the same certificates (almost: I still have to fix some stuff, but is NOT related to SSL/TLS, e.g reverse DNS). However, running openssl as requested returns "no peer certificate available", and when I connect with mutt to dovecot I still get the "no shared cipher" error. These are the permissions on the certificate files: ls -l /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem -r--------. 1 root root 3546 Dec 7 11:59 /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem -r--------. 1 root root 1704 Dec 7 11:59 /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem output of openssl, dovecot -n, its current SSL settings and excerpt of the log file are all below. openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993 CONNECTED(00000003) 140141825717912:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 305 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1544521696 Timeout : 300 (sec) Verify return code: 0 (ok) --- current SSL dovecot settings in conf.d/10-ssl.conf ssl = yes ssl_prefer_server_ciphers = yes ssl_dh_parameters_length = 2048 sl_min_protocol = TLSv1.2 ssl_cert = </etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem ssl_key = </etc/letsencrypt/archive/<MYSERVER>/privkey1.pem ssl_cipher_list = ALL output of dovecot -n: # OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release 7.6.1810 (Core) ext4 # Hostname: SERVER NAME auth_debug = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain mail_location = maildir:/var/mail/mymail_storage/base/ passdb { args = /etc/imap.v_users driver = passwd-file } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 } } ssl = required userdb { args = /etc/imap.v_users driver = passwd-file } verbose_ssl = yes this is the error message I get by when I tried to connect with mutt: Dec 11 08:34:26 MYSERVER dovecot: master: Dovecot v2.2.36 (1f10bfa63) starting up for imap, pop3, lmtp (core dumps disabled) Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [my.home.ip.address] Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello: Dec 11 08:34:34 MYSERVER dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=my.home.ip.address, lip=my.vps.ip.address, TLS hands haking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<H8roHLp86psvNZ88> Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: passwd-file /etc/imap.v_users: Read 1 users in 0 secs
Hi! You have misconfigured service imap-login, remove the 993 listener config (it's there by default) or add ssl = yes to it. Aki On 11.12.2018 11.58, Marco Fioretti wrote:> hello, and some update > short version: the error is still there, but I have some more data to > share, thanks in advance for further advice > > first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is > not an obsolete version. > second... at the moment I can send email through postfix on the same > server, with the > same certificates (almost: I still have to fix some stuff, but is NOT > related to SSL/TLS, e.g > reverse DNS). > > However, running openssl as requested returns "no peer certificate > available", and when > I connect with mutt to dovecot I still get the "no shared cipher" > error. These are the permissions > on the certificate files: > > ls -l /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem > /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem > -r--------. 1 root root 3546 Dec 7 11:59 > /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem > -r--------. 1 root root 1704 Dec 7 11:59 > /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem > > output of openssl, dovecot -n, its current SSL settings and excerpt of > the log file are all below. > > openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993 > CONNECTED(00000003) > 140141825717912:error:14077410:SSL > routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake > failure:s23_clnt.c:769: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 7 bytes and written 305 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.2 > Cipher : 0000 > Session-ID: > Session-ID-ctx: > Master-Key: > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > Start Time: 1544521696 > Timeout : 300 (sec) > Verify return code: 0 (ok) > --- > > current SSL dovecot settings in conf.d/10-ssl.conf > > ssl = yes > > ssl_prefer_server_ciphers = yes > > ssl_dh_parameters_length = 2048 > > sl_min_protocol = TLSv1.2 > > ssl_cert = </etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem > ssl_key = </etc/letsencrypt/archive/<MYSERVER>/privkey1.pem > > ssl_cipher_list = ALL > > output of dovecot -n: > > # OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release > 7.6.1810 (Core) ext4 > # Hostname: SERVER NAME > auth_debug = yes > auth_mechanisms = plain login > auth_verbose = yes > auth_verbose_passwords = plain > mail_location = maildir:/var/mail/mymail_storage/base/ > passdb { > args = /etc/imap.v_users > driver = passwd-file > } > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > } > service imap-login { > inet_listener imap { > port = 0 > } > inet_listener imaps { > port = 993 > } > } > ssl = required > userdb { > args = /etc/imap.v_users > driver = passwd-file > } > verbose_ssl = yes > > > > > > this is the error message I get by when I tried to connect with mutt: > > > Dec 11 08:34:26 MYSERVER dovecot: master: Dovecot v2.2.36 (1f10bfa63) > starting up for imap, pop3, lmtp (core dumps disabled) > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x10, > ret=1: before/accept initialization [my.home.ip.address] > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: before/accept initialization [my.home.ip.address] > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv2/v3 read client hello A > [my.home.ip.address] > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Warning: SSL alert: > where=0x4008, ret=552: fatal handshake failure [my.home.ip.address] > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: error [my.home.ip.address] > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: error [my.home.ip.address] > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL error: > SSL_accept() failed: error:1408A0C1:SSL > routines:ssl3_get_client_hello: > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Disconnected > (disconnected before auth was ready, waited 0 secs): user=<>, > rip=my.home.ip.address, lip=my.vps.ip.address, TLS hands > haking: SSL_accept() failed: error:1408A0C1:SSL > routines:ssl3_get_client_hello:no shared cipher, > session=<H8roHLp86psvNZ88> > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Loading modules from > directory: /usr/lib64/dovecot/auth > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/libdriver_sqlite.so > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Read auth token secret > from /var/run/dovecot/auth-token-secret.dat > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: passwd-file > /etc/imap.v_users: Read 1 users in 0 secs
Hello Aki, maybe I misunderstood you, but both adding an "ssl = yes" line to this section of dovecot.conf, and commenting out the whole "four lines starting at "inet_listener imaps" do not have any effect : service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } this is the error I still get after restarting dovecot, and trying again to connect with mutt: ogin: Debug: SSL: where=0x10, ret=1: before/accept initialization [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [my.home.ip.address] Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=my.home.ip.address, lip=server.ip.address, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<zdRFPbx8xp4vNZ88> Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: passwd-file /etc/imap.v_users: Read 1 users Il giorno mar 11 dic 2018 alle ore 11:01 Aki Tuomi <aki.tuomi at open-xchange.com> ha scritto:> > Hi! > > You have misconfigured service imap-login, remove the 993 listener > config (it's there by default) or add ssl = yes to it. > > Aki > > On 11.12.2018 11.58, Marco Fioretti wrote: > > hello, and some update > > short version: the error is still there, but I have some more data to > > share, thanks in advance for further advice > > > > first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is > > not an obsolete version. > > second... at the moment I can send email through postfix on the same > > server, with the > > same certificates (almost: I still have to fix some stuff, but is NOT > > related to SSL/TLS, e.g > > reverse DNS). > > > > However, running openssl as requested returns "no peer certificate > > available", and when > > I connect with mutt to dovecot I still get the "no shared cipher" > > error. These are the permissions > > on the certificate files: > > > > ls -l /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem > > /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem > > -r--------. 1 root root 3546 Dec 7 11:59 > > /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem > > -r--------. 1 root root 1704 Dec 7 11:59 > > /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem > > > > output of openssl, dovecot -n, its current SSL settings and excerpt of > > the log file are all below. > > > > openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993 > > CONNECTED(00000003) > > 140141825717912:error:14077410:SSL > > routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake > > failure:s23_clnt.c:769: > > --- > > no peer certificate available > > --- > > No client certificate CA names sent > > --- > > SSL handshake has read 7 bytes and written 305 bytes > > --- > > New, (NONE), Cipher is (NONE) > > Secure Renegotiation IS NOT supported > > Compression: NONE > > Expansion: NONE > > No ALPN negotiated > > SSL-Session: > > Protocol : TLSv1.2 > > Cipher : 0000 > > Session-ID: > > Session-ID-ctx: > > Master-Key: > > Key-Arg : None > > PSK identity: None > > PSK identity hint: None > > SRP username: None > > Start Time: 1544521696 > > Timeout : 300 (sec) > > Verify return code: 0 (ok) > > --- > > > > current SSL dovecot settings in conf.d/10-ssl.conf > > > > ssl = yes > > > > ssl_prefer_server_ciphers = yes > > > > ssl_dh_parameters_length = 2048 > > > > sl_min_protocol = TLSv1.2 > > > > ssl_cert = </etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem > > ssl_key = </etc/letsencrypt/archive/<MYSERVER>/privkey1.pem > > > > ssl_cipher_list = ALL > > > > output of dovecot -n: > > > > # OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release > > 7.6.1810 (Core) ext4 > > # Hostname: SERVER NAME > > auth_debug = yes > > auth_mechanisms = plain login > > auth_verbose = yes > > auth_verbose_passwords = plain > > mail_location = maildir:/var/mail/mymail_storage/base/ > > passdb { > > args = /etc/imap.v_users > > driver = passwd-file > > } > > service auth { > > unix_listener /var/spool/postfix/private/auth { > > group = postfix > > mode = 0660 > > user = postfix > > } > > } > > service imap-login { > > inet_listener imap { > > port = 0 > > } > > inet_listener imaps { > > port = 993 > > } > > } > > ssl = required > > userdb { > > args = /etc/imap.v_users > > driver = passwd-file > > } > > verbose_ssl = yes > > > > > > > > > > > > this is the error message I get by when I tried to connect with mutt: > > > > > > Dec 11 08:34:26 MYSERVER dovecot: master: Dovecot v2.2.36 (1f10bfa63) > > starting up for imap, pop3, lmtp (core dumps disabled) > > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x10, > > ret=1: before/accept initialization [my.home.ip.address] > > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: > > where=0x2001, ret=1: before/accept initialization [my.home.ip.address] > > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: > > where=0x2002, ret=-1: SSLv2/v3 read client hello A > > [my.home.ip.address] > > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Warning: SSL alert: > > where=0x4008, ret=552: fatal handshake failure [my.home.ip.address] > > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: > > where=0x2002, ret=-1: error [my.home.ip.address] > > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: > > where=0x2002, ret=-1: error [my.home.ip.address] > > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL error: > > SSL_accept() failed: error:1408A0C1:SSL > > routines:ssl3_get_client_hello: > > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Disconnected > > (disconnected before auth was ready, waited 0 secs): user=<>, > > rip=my.home.ip.address, lip=my.vps.ip.address, TLS hands > > haking: SSL_accept() failed: error:1408A0C1:SSL > > routines:ssl3_get_client_hello:no shared cipher, > > session=<H8roHLp86psvNZ88> > > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Loading modules from > > directory: /usr/lib64/dovecot/auth > > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: > > /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so > > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: > > /usr/lib64/dovecot/auth/libdriver_sqlite.so > > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Read auth token secret > > from /var/run/dovecot/auth-token-secret.dat > > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: passwd-file > > /etc/imap.v_users: Read 1 users in 0 secs
Ah, the actual problem appears to be that you are not including the conf.d directory at all in your config, so you are ending up with no certificate at all. This is handled better in 2.3.x. Aki On 11.12.2018 12.01, Aki Tuomi wrote:> Hi! > > You have misconfigured service imap-login, remove the 993 listener > config (it's there by default) or add ssl = yes to it. > > Aki > > On 11.12.2018 11.58, Marco Fioretti wrote: >> hello, and some update >> short version: the error is still there, but I have some more data to >> share, thanks in advance for further advice >> >> first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is >> not an obsolete version. >> second... at the moment I can send email through postfix on the same >> server, with the >> same certificates (almost: I still have to fix some stuff, but is NOT >> related to SSL/TLS, e.g >> reverse DNS). >> >> However, running openssl as requested returns "no peer certificate >> available", and when >> I connect with mutt to dovecot I still get the "no shared cipher" >> error. These are the permissions >> on the certificate files: >> >> ls -l /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem >> /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem >> -r--------. 1 root root 3546 Dec 7 11:59 >> /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem >> -r--------. 1 root root 1704 Dec 7 11:59 >> /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem >> >> output of openssl, dovecot -n, its current SSL settings and excerpt of >> the log file are all below. >> >> openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993 >> CONNECTED(00000003) >> 140141825717912:error:14077410:SSL >> routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake >> failure:s23_clnt.c:769: >> --- >> no peer certificate available >> --- >> No client certificate CA names sent >> --- >> SSL handshake has read 7 bytes and written 305 bytes >> --- >> New, (NONE), Cipher is (NONE) >> Secure Renegotiation IS NOT supported >> Compression: NONE >> Expansion: NONE >> No ALPN negotiated >> SSL-Session: >> Protocol : TLSv1.2 >> Cipher : 0000 >> Session-ID: >> Session-ID-ctx: >> Master-Key: >> Key-Arg : None >> PSK identity: None >> PSK identity hint: None >> SRP username: None >> Start Time: 1544521696 >> Timeout : 300 (sec) >> Verify return code: 0 (ok) >> --- >> >> current SSL dovecot settings in conf.d/10-ssl.conf >> >> ssl = yes >> >> ssl_prefer_server_ciphers = yes >> >> ssl_dh_parameters_length = 2048 >> >> sl_min_protocol = TLSv1.2 >> >> ssl_cert = </etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem >> ssl_key = </etc/letsencrypt/archive/<MYSERVER>/privkey1.pem >> >> ssl_cipher_list = ALL >> >> output of dovecot -n: >> >> # OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release >> 7.6.1810 (Core) ext4 >> # Hostname: SERVER NAME >> auth_debug = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> mail_location = maildir:/var/mail/mymail_storage/base/ >> passdb { >> args = /etc/imap.v_users >> driver = passwd-file >> } >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> } >> service imap-login { >> inet_listener imap { >> port = 0 >> } >> inet_listener imaps { >> port = 993 >> } >> } >> ssl = required >> userdb { >> args = /etc/imap.v_users >> driver = passwd-file >> } >> verbose_ssl = yes >> >> >> >> >> >> this is the error message I get by when I tried to connect with mutt: >> >> >> Dec 11 08:34:26 MYSERVER dovecot: master: Dovecot v2.2.36 (1f10bfa63) >> starting up for imap, pop3, lmtp (core dumps disabled) >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x10, >> ret=1: before/accept initialization [my.home.ip.address] >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: before/accept initialization [my.home.ip.address] >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: >> where=0x2002, ret=-1: SSLv2/v3 read client hello A >> [my.home.ip.address] >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Warning: SSL alert: >> where=0x4008, ret=552: fatal handshake failure [my.home.ip.address] >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: >> where=0x2002, ret=-1: error [my.home.ip.address] >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: >> where=0x2002, ret=-1: error [my.home.ip.address] >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL error: >> SSL_accept() failed: error:1408A0C1:SSL >> routines:ssl3_get_client_hello: >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Disconnected >> (disconnected before auth was ready, waited 0 secs): user=<>, >> rip=my.home.ip.address, lip=my.vps.ip.address, TLS hands >> haking: SSL_accept() failed: error:1408A0C1:SSL >> routines:ssl3_get_client_hello:no shared cipher, >> session=<H8roHLp86psvNZ88> >> Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Loading modules from >> directory: /usr/lib64/dovecot/auth >> Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: >> /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so >> Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: >> /usr/lib64/dovecot/auth/libdriver_sqlite.so >> Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Read auth token secret >> from /var/run/dovecot/auth-token-secret.dat >> Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: passwd-file >> /etc/imap.v_users: Read 1 users in 0 secs