thr3ads.net - dovecot - [Dovecot] SSL stops working after server upgrade [Sep 2010]

If this information is useful, please help other people find it:
Share via:

"Ing. Daniel Rozsnyó"

2010-Sep-16 21:20 UTC

[Dovecot] SSL stops working after server upgrade

Hello, after an upgrade of the dovecot server, I can not use SSL 
connections. Can you help me solving the issue? When googling for the 
error, there is an opinion that the client is broken (in my case 
Thunderbird, 3.1.3), but I rather see the issue in the server, because I 
was upgrading my gentoo box by hand, and the secure imap stopped to work 
after that.  Is there a more verbose SSL logging than the default 
verbose ssl = yes? It's output is attached below. Also, maybe only a 
configuration detail is missing, since with this version of dovecot, the 
configuration files were broken into several smaller files, but for my 
first look they contained the options I had used before.

Thanks.

Sep 16 23:12:25 [dovecot] master: Dovecot v2.0.2 starting up (core dumps 
disabled)
Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x10, ret=1: 
before/accept initialization [192.168.77.202]
Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: 
before/accept initialization [192.168.77.202]
Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2002, 
ret=-1: SSLv2/v3 read client hello A [192.168.77.202]
Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: 
SSLv3 read client hello A [192.168.77.202]
Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: 
SSLv3 write server hello A [192.168.77.202]
Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: 
SSLv3 write certificate A [192.168.77.202]
Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: 
SSLv3 write key exchange A [192.168.77.202]
Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: 
SSLv3 write server done A [192.168.77.202]
Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: 
SSLv3 flush data [192.168.77.202]
Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2002, 
ret=-1: SSLv3 read client certificate A [192.168.77.202]
                 - Last output repeated twice -
Sep 16 23:12:30 [dovecot] imap-login: Warning: SSL alert: where=0x4004, 
ret=554: fatal bad certificate [192.168.77.202]
Sep 16 23:12:30 [dovecot] imap-login: Warning: SSL failed: where=0x2002: 
SSLv3 read client certificate A [192.168.77.202]
Sep 16 23:12:30 [dovecot] imap-login: Disconnected (no auth attempts): 
rip=192.168.77.202, lip=192.168.77.201, mpid=0, TLS handshaking: 
SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 
alert bad certificate: SSL alert number 42

Timo Sirainen

2010-Sep-16 21:48 UTC

head link

[Dovecot] SSL stops working after server upgrade

On 16.9.2010, at 22.20, Ing. Daniel Rozsny? wrote:
> Sep 16 23:12:30 [dovecot] imap-login: Disconnected (no auth attempts):
rip=192.168.77.202, lip=192.168.77.201, mpid=0, TLS handshaking: SSL_accept()
failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:
SSL alert number 42
My guess: The upgrade changed/broke Dovecot's SSL certificates. doveconf -n
output would have been useful.

Apparently Analagous Threads

Search for more possibly parallel threads

dovecot - Sep 2010 - SSL stops working after server upgrade

[Dovecot] SSL stops working after server upgrade

[Dovecot] SSL stops working after server upgrade

Apparently Analagous Threads