dovecot - Sep 2019 - TLS not working with iOS beta?

Hi,

Have anyone else experienced problems using Dovecot with the mail app in beta
releases of iOS/iPadOS 13?

TLS is failing for my, it have worked fine for years and I am on the latest
Dovecot version now, it works fine with older clients but not with the ones
upgraded:

Sep 04 19:49:16 imap-login: Debug: SSL: where=0x10, ret=1: before/accept
initialization
Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept
initialization
Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read
client hello A
Sep 04 19:49:16 imap-login: Debug: SSL alert: where=0x4008, ret=552: fatal
handshake failure
Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2002, ret=-1: error
Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2002, ret=-1: error
Sep 04 19:49:16 imap-login: Debug: SSL error: SSL_accept() failed:
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2002, ret=-1: error
Sep 04 19:49:16 imap-login: Debug: SSL error: SSL_accept() failed:
error:140800FF:SSL routines:ssl3_accept:unknown state
Sep 04 19:49:16 imap-login: Info: Disconnected (no auth attempts in 0 secs):
user=<>, rip=11.22.33.44, lip=11.22.33.44, TLS handshaking: SSL_accept()
failed: error:140800FF:SSL routines:ssl3_accept:unknown state,
session=<lz7m2r2rjPouOvrk>

Working client:

Sep 04 19:57:58 imap-login: Debug: SSL: where=0x10, ret=1: before/accept
initialization
Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept
initialization
Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read
client hello A
Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
hello A
Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server
hello A
Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
certificate A
Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key
exchange A
Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server
done A
Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data
Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
certificate A
Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
key exchange A
Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
certificate verify A
Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read
finished A
Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished
A
Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change
cipher spec A
Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
finished A
Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data
Sep 04 19:58:03 imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation
finished successfully
Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation
finished successfully
Sep 04 19:58:03 imap-login: Info: Login: user=<username>, method=LOGIN,
rip=11.22.33.44, lip=11.22.33.44, mpid=28781, TLS, TLSv1.2 with cipher
DHE-RSA-AES256-GCM-SHA384 (256/256 bits), session=<LklR9r2Vtb4uOzra>


Config:

# egrep -v "^#|^$" 10-ssl.conf 10-auth.conf
10-ssl.conf:ssl = required
10-ssl.conf:ssl_cert = </path/to/fullchain.pem
10-ssl.conf:ssl_key = </path/to/privkey.pem
10-ssl.conf:ssl_dh = </path/to/dh.pem
10-ssl.conf:ssl_min_protocol = TLSv1.1
10-ssl.conf:ssl_cipher_list =
ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW
at STRENGTH
10-auth.conf:disable_plaintext_auth = yes
10-auth.conf:auth_mechanisms = login
10-auth.conf:!include auth-system.conf.ext

# dovecot --version
2.3.7.2 (3c910f64b)

Anyone seeing something similar and/or have suggestions on how to proceed?

Regards
Henrik

> Le 4 sept. 2019 ? 20:11, Henrik Johansson via dovecot <dovecot at
dovecot.org> a ?crit :
> 
> Hi,
> 
> Have anyone else experienced problems using Dovecot with the mail app in
beta releases of iOS/iPadOS 13?
> 
> TLS is failing for my, it have worked fine for years and I am on the latest
Dovecot version now, it works fine with older clients but not with the ones
upgraded:
> 
> Sep 04 19:49:16 imap-login: Debug: SSL: where=0x10, ret=1: before/accept
initialization
> Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept
initialization
> Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read
client hello A
> Sep 04 19:49:16 imap-login: Debug: SSL alert: where=0x4008, ret=552: fatal
handshake failure
> Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2002, ret=-1: error
> Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2002, ret=-1: error
> Sep 04 19:49:16 imap-login: Debug: SSL error: SSL_accept() failed:
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
> Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2002, ret=-1: error
> Sep 04 19:49:16 imap-login: Debug: SSL error: SSL_accept() failed:
error:140800FF:SSL routines:ssl3_accept:unknown state
> Sep 04 19:49:16 imap-login: Info: Disconnected (no auth attempts in 0
secs): user=<>, rip=11.22.33.44, lip=11.22.33.44, TLS handshaking:
SSL_accept() failed: error:140800FF:SSL routines:ssl3_accept:unknown state,
session=<lz7m2r2rjPouOvrk>
> 
> Working client:
> 
> Sep 04 19:57:58 imap-login: Debug: SSL: where=0x10, ret=1: before/accept
initialization
> Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept
initialization
> Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read
client hello A
> Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
client hello A
> Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
server hello A
> Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
certificate A
> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
key exchange A
> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
server done A
> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush
data
> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
client certificate A
> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read
client key exchange A
> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read
client key exchange A
> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read
client key exchange A
> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read
client key exchange A
> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
client key exchange A
> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
certificate verify A
> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read
finished A
> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
finished A
> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
change cipher spec A
> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
finished A
> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush
data
> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation
finished successfully
> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2002, ret=1: SSL
negotiation finished successfully
> Sep 04 19:58:03 imap-login: Info: Login: user=<username>,
method=LOGIN, rip=11.22.33.44, lip=11.22.33.44, mpid=28781, TLS, TLSv1.2 with
cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits),
session=<LklR9r2Vtb4uOzra>
> 
> 
> Config:
> 
> # egrep -v "^#|^$" 10-ssl.conf 10-auth.conf
> 10-ssl.conf:ssl = required
> 10-ssl.conf:ssl_cert = </path/to/fullchain.pem
> 10-ssl.conf:ssl_key = </path/to/privkey.pem
> 10-ssl.conf:ssl_dh = </path/to/dh.pem
> 10-ssl.conf:ssl_min_protocol = TLSv1.1
> 10-ssl.conf:ssl_cipher_list =
ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW
at STRENGTH
> 10-auth.conf:disable_plaintext_auth = yes
> 10-auth.conf:auth_mechanisms = login
> 10-auth.conf:!include auth-system.conf.ext
> 
> # dovecot --version
> 2.3.7.2 (3c910f64b)
Just a wild guess as I didn?t try to configure Mail on Catalina yet, but it
looks like your server only supports ?DHE-RSA?? ciphers.
I think that modern systems prefers using ECDHE key exchange and would not be
surprise if iOS requires it.

What version of OpenSSL are you using ?

> Le 4 sept. 2019 ? 21:35, Jean-Daniel via dovecot <dovecot at
dovecot.org> a ?crit :
> 
>> 
>> Le 4 sept. 2019 ? 20:11, Henrik Johansson via dovecot <dovecot at
dovecot.org> a ?crit :
>> 
>> Hi,
>> 
>> Have anyone else experienced problems using Dovecot with the mail app
in beta releases of iOS/iPadOS 13?
>> 
>> TLS is failing for my, it have worked fine for years and I am on the
latest Dovecot version now, it works fine with older clients but not with the
ones upgraded:
>> 
>> Sep 04 19:49:16 imap-login: Debug: SSL: where=0x10, ret=1:
before/accept initialization
>> Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2001, ret=1:
before/accept initialization
>> Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3
read client hello A
>> Sep 04 19:49:16 imap-login: Debug: SSL alert: where=0x4008, ret=552:
fatal handshake failure
>> Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2002, ret=-1: error
>> Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2002, ret=-1: error
>> Sep 04 19:49:16 imap-login: Debug: SSL error: SSL_accept() failed:
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
>> Sep 04 19:49:16 imap-login: Debug: SSL: where=0x2002, ret=-1: error
>> Sep 04 19:49:16 imap-login: Debug: SSL error: SSL_accept() failed:
error:140800FF:SSL routines:ssl3_accept:unknown state
>> Sep 04 19:49:16 imap-login: Info: Disconnected (no auth attempts in 0
secs): user=<>, rip=11.22.33.44, lip=11.22.33.44, TLS handshaking:
SSL_accept() failed: error:140800FF:SSL routines:ssl3_accept:unknown state,
session=<lz7m2r2rjPouOvrk>
>> 
>> Working client:
>> 
>> Sep 04 19:57:58 imap-login: Debug: SSL: where=0x10, ret=1:
before/accept initialization
>> Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1:
before/accept initialization
>> Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3
read client hello A
>> Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
client hello A
>> Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3
write server hello A
>> Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3
write certificate A
>> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3
write key exchange A
>> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3
write server done A
>> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3
flush data
>> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
client certificate A
>> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3
read client key exchange A
>> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3
read client key exchange A
>> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3
read client key exchange A
>> Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3
read client key exchange A
>> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
client key exchange A
>> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
certificate verify A
>> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3
read finished A
>> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
finished A
>> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3
write change cipher spec A
>> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3
write finished A
>> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3
flush data
>> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x20, ret=1: SSL
negotiation finished successfully
>> Sep 04 19:58:03 imap-login: Debug: SSL: where=0x2002, ret=1: SSL
negotiation finished successfully
>> Sep 04 19:58:03 imap-login: Info: Login: user=<username>,
method=LOGIN, rip=11.22.33.44, lip=11.22.33.44, mpid=28781, TLS, TLSv1.2 with
cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits),
session=<LklR9r2Vtb4uOzra>
>> 
>> 
>> Config:
>> 
>> # egrep -v "^#|^$" 10-ssl.conf 10-auth.conf
>> 10-ssl.conf:ssl = required
>> 10-ssl.conf:ssl_cert = </path/to/fullchain.pem
>> 10-ssl.conf:ssl_key = </path/to/privkey.pem
>> 10-ssl.conf:ssl_dh = </path/to/dh.pem
>> 10-ssl.conf:ssl_min_protocol = TLSv1.1
>> 10-ssl.conf:ssl_cipher_list =
ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW
at STRENGTH
>> 10-auth.conf:disable_plaintext_auth = yes
>> 10-auth.conf:auth_mechanisms = login
>> 10-auth.conf:!include auth-system.conf.ext
>> 
>> # dovecot --version
>> 2.3.7.2 (3c910f64b)
> 
> Just a wild guess as I didn?t try to configure Mail on Catalina yet, but it
looks like your server only supports ?DHE-RSA?? ciphers.
> I think that modern systems prefers using ECDHE key exchange and would not
be surprise if iOS requires it.
> 
> What version of OpenSSL are you using ?
An interesting note from the Apple documentation about what is considered a
secured server:

	? The link must support perfect forward secrecy (PFS) through Elliptic Curve
Diffie-Hellman Ephemeral (ECDHE) key exchange.

https://developer.apple.com/documentation/security/preventing_insecure_network_connections
<https://developer.apple.com/documentation/security/preventing_insecure_network_connections>


-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20190904/c37cfcc2/attachment-0001.html>

> On 4 Sep 2019, at 21:35, Jean-Daniel <jddupas at xooloo.com> wrote:
> 
> Just a wild guess as I didn?t try to configure Mail on Catalina yet, but it
looks like your server only supports ?DHE-RSA?? ciphers.
> I think that modern systems prefers using ECDHE key exchange and would not
be surprise if iOS requires it.
> 
> What version of OpenSSL are you using ?
A good guss, I am using 1.0.2r, but it is missing ECDHE so that seems like the
problem. I will try with a openssl that supports it.

Thank you!

Regards
Henrik

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20190904/601bae12/attachment.html>

> On 4 Sep 2019, at 21:35, Jean-Daniel <jddupas at xooloo.com> wrote:
> 
> Just a wild guess as I didn?t try to configure Mail on Catalina yet, but it
looks like your server only supports ?DHE-RSA?? ciphers.
> I think that modern systems prefers using ECDHE key exchange and would not
be surprise if iOS requires it.
> 
Well I got the OpenSSL parts working now, but newer versions still refuses to
work after establishing with ECDHE, I just get no login attempts and no user:

imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>,
rip=55.66.77.88, lip=11.22.33.44, TLS, TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Regards
Henrik



Non working iOS 13

Sep 08 11:25:47 auth: Debug: auth client connected (pid=23934)
SeSep 08 11:25:47 auth: Debug: auth client connected (pid=23934)p 08 11:25:47
imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x10, ret=1: before/accept
initialization
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept
initialization
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept
initialization
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read
client hello A
SeSep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read
client hello A
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
hello A
SSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
hello A
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server
hello A
SSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server
hello A
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
certificate A
SSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
certificate A
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key
exchange A
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key
exchange A
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server
done A
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
certificate A
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
Sep 08 11:25:47 imap-login: Debug: SSL: whereSep 08 11:25:47 imap-login: Debug:
SSL: where=0x2001, ret=1: SSLv3 write server done A =0x2002,Sep 08 11:25:47
imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
certificate A
Debug: SSL: where=0x2001, ret=1: SSLv3 flush data
Sep 08 1Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read
client key exchange A
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
1:25Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read
client key exchange A
:Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
4Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
key exchange A
11:25:47 imap-login: Debug: SSL alert: close notify
Sep 08 11:Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3
read certificate verify A
25Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
finished A
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change
cipher spec A
:47 Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
finished A
iSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data
map-Sep 08 11:25:47 imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation
finished successfully
SSLv3 write key exchange A
Sep 08 11:24:09 imap-login: Debug: SSL: wherSep 08 11:25:47 imap-login: Debug:
SSL: where=0x2002, ret=1: SSL negotiation finished successfully e=0x2001,
ret=1:Sep 08 11:25:47 imap-login: Debug: SSL alert: close notify
Sep 08 11:25:47 imap-login: Info: Aborted login (no auth attempts in 0 secs):
user=<>, rip=55.66.77.88, lip=11.22.33.44, TLS, TLSv1.2 with cipher
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits), session=<fU+qvQeSGTJb6jE9>
SSLvSep 08 11:25:47 imap-login: Debug: SSL alert: close notify


Working MacOS  10.14.6

Sep 08 11:24:09 auth: Debug: auth client connected (pid=23912)
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x10, ret=1: before/accept
initialization
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept
initialization
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read
client hello A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
hello A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server
hello A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
certificate A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key
exchange A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server
done A
ep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, reSep 08 11:24:09
imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
certificate A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
ep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client
key exchange A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
key exchange A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
certificate verify A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read
finished A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished
A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change
cipher spec A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
finished A
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation
finished successfully
Sep 08 11:24:09 imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation
finished successfully



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20190908/f1f712eb/attachment.html>