"Ing. Daniel RozsnyĆ³"
2010-Sep-16 21:20 UTC
[Dovecot] SSL stops working after server upgrade
Hello, after an upgrade of the dovecot server, I can not use SSL connections. Can you help me solving the issue? When googling for the error, there is an opinion that the client is broken (in my case Thunderbird, 3.1.3), but I rather see the issue in the server, because I was upgrading my gentoo box by hand, and the secure imap stopped to work after that. Is there a more verbose SSL logging than the default verbose ssl = yes? It's output is attached below. Also, maybe only a configuration detail is missing, since with this version of dovecot, the configuration files were broken into several smaller files, but for my first look they contained the options I had used before. Thanks. Sep 16 23:12:25 [dovecot] master: Dovecot v2.0.2 starting up (core dumps disabled) Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.168.77.202] Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [192.168.77.202] Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [192.168.77.202] Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.77.202] Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.77.202] Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.77.202] Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [192.168.77.202] Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [192.168.77.202] Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.77.202] Sep 16 23:12:29 [dovecot] imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.77.202] - Last output repeated twice - Sep 16 23:12:30 [dovecot] imap-login: Warning: SSL alert: where=0x4004, ret=554: fatal bad certificate [192.168.77.202] Sep 16 23:12:30 [dovecot] imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [192.168.77.202] Sep 16 23:12:30 [dovecot] imap-login: Disconnected (no auth attempts): rip=192.168.77.202, lip=192.168.77.201, mpid=0, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
On 16.9.2010, at 22.20, Ing. Daniel Rozsny? wrote:> Sep 16 23:12:30 [dovecot] imap-login: Disconnected (no auth attempts): rip=192.168.77.202, lip=192.168.77.201, mpid=0, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42My guess: The upgrade changed/broke Dovecot's SSL certificates. doveconf -n output would have been useful.
Reasonably Related Threads
- Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK
- Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK
- Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK
- Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK
- Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK