Pallissard, Matthew
2017-Jun-09 02:38 UTC
doveadm ssl error when upgrading from 2.2.27 to 2.2.29
On Thu, Jun 08, 2017 at 11:06:01AM +0300, Aki Tuomi wrote:> > > On 07.06.2017 15:16, Pallissard, Matthew wrote: > > I'm starting to see the following error when upgrading from 2.2.27 to 2.2.29. > > > > doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher > > > > Downgrading from 2.2.27 resolves, error still persists in 2.2.28. > > > > I'm using openssl 1.1.0.f and an ec cert/key with the following curve. > > ASN1 OID: prime256v1 > > NIST CURVE: P-256 > > > > > > Does anyone know anything about this off the top of their head? If not I'll try to git-bisect 2.2.27 -> 2.2.28 and see if I can find any offending commits later on this week. > > > > That would indicate a problem with cipher lists. What are you doing that > causes this? > > AkiI'm dealing with a pretty vanilla config. The only ssl related settings are as follows. ssl_cert = </etc/ssl/ecc.cer ssl_key = </etc/ssl/ecc.key local_name domain.com { ssl_cert = </etc/ssl/domain.com.ecc.pem ssl_key = </etc/ssl/domain.com.ecc.key } mail_replica = tcps:replica.hostname:port When I turn up the ssl debug logging all I get the following.>From the host where mail is being replicated to;doveadm: Debug: SSL: elliptic curve prime256v1 will be used for ECDH and ECDHE key exchanges doveadm(replicating.to.this.host): Debug: SSL: where=0x10, ret=1: before SSL initialization doveadm(replicating.to.this.host): Debug: SSL: where=0x2001, ret=1: before SSL initialization doveadm(replicating.to.this.host): Debug: SSL: where=0x2002, ret=-1: before SSL initialization doveadm(replicating.to.this.host): Debug: SSL: where=0x2002, ret=-1: before SSL initialization doveadm(replicating.to.this.host): Debug: SSL: where=0x2001, ret=1: before SSL initialization doveadm(replicating.to.this.host): Debug: SSL alert: where=0x4008, ret=552: fatal handshake failure doveadm(replicating.to.this.host): Debug: SSL: where=0x2002, ret=-1: error doveadm(replicating.to.this.host): Debug: SSL error: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher doveadm(replicating.to.this.host): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher doveadm(replicating.to.this.host): Debug: SSL error: SSL_accept() syscall failed: Invalid argument>From the host where the mail is being replicated from.dovecot[5904]: doveadm(matt at pallissard.net): Error: doveadm server disconnected before handshake: Broken pipe dovecot[5904]: doveadm(matt at pallissard.net): Error: sync: Disconnected from remote: Broken pipe -- Matt Pallissard
Hi, I can not get rid of the below message and my FTS seems not working properly. Is there a compile parameter to adjust to have Lucene working ? doveadm(root): Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_backend_rescan (this is usually intentional, so just ignore this message) Thank you very much
Hi, I compiled 2.2.30.2 and Clucene, looks like the message disappeared. Now, the search does not work when the number of input characters are below 6. How to change that limit (to 3 for instance) ? Thank you very much On 2017-06-09 06:21, Joan Moreau wrote:> Hi, > > I can not get rid of the below message and my FTS seems not working properly. Is there a compile parameter to adjust to have Lucene working ? > > doveadm(root): Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message) > doveadm(root): Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_backend_rescan (this is usually intentional, so just ignore this message) > > Thank you very much
Maybe Matching Threads
- Quotas not working after reboot
- Quotas not working after reboot
- Return extra fields from passwd userdb
- Convert standalone mbox to standalone Maildir with Dsync - hierarchy separator error
- maildirsize calculation gives higher value than a real disk utilization