hello, and some update
short version: the error is still there, but I have some more data to
share, thanks in advance for further advice
first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is
not an obsolete version.
second... at the moment I can send email through postfix on the same
server, with the
same certificates (almost: I still have to fix some stuff, but is NOT
related to SSL/TLS, e.g
reverse DNS).
However, running openssl as requested returns "no peer certificate
available", and when
I connect with mutt to dovecot I still get the "no shared cipher"
error. These are the permissions
on the certificate files:
ls -l /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem
/etc/letsencrypt/archive/<MYSERVER>/privkey1.pem
-r--------. 1 root root 3546 Dec 7 11:59
/etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem
-r--------. 1 root root 1704 Dec 7 11:59
/etc/letsencrypt/archive/<MYSERVER>/privkey1.pem
output of openssl, dovecot -n, its current SSL settings and excerpt of
the log file are all below.
openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993
CONNECTED(00000003)
140141825717912:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1544521696
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
current SSL dovecot settings in conf.d/10-ssl.conf
ssl = yes
ssl_prefer_server_ciphers = yes
ssl_dh_parameters_length = 2048
sl_min_protocol = TLSv1.2
ssl_cert = </etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem
ssl_key = </etc/letsencrypt/archive/<MYSERVER>/privkey1.pem
ssl_cipher_list = ALL
output of dovecot -n:
# OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release
7.6.1810 (Core) ext4
# Hostname: SERVER NAME
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
mail_location = maildir:/var/mail/mymail_storage/base/
passdb {
args = /etc/imap.v_users
driver = passwd-file
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
}
}
ssl = required
userdb {
args = /etc/imap.v_users
driver = passwd-file
}
verbose_ssl = yes
this is the error message I get by when I tried to connect with mutt:
Dec 11 08:34:26 MYSERVER dovecot: master: Dovecot v2.2.36 (1f10bfa63)
starting up for imap, pop3, lmtp (core dumps disabled)
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x10,
ret=1: before/accept initialization [my.home.ip.address]
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL:
where=0x2001, ret=1: before/accept initialization [my.home.ip.address]
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv2/v3 read client hello A
[my.home.ip.address]
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Warning: SSL alert:
where=0x4008, ret=552: fatal handshake failure [my.home.ip.address]
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: error [my.home.ip.address]
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: error [my.home.ip.address]
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL error:
SSL_accept() failed: error:1408A0C1:SSL
routines:ssl3_get_client_hello:
Dec 11 08:34:34 MYSERVER dovecot: imap-login: Disconnected
(disconnected before auth was ready, waited 0 secs): user=<>,
rip=my.home.ip.address, lip=my.vps.ip.address, TLS hands
haking: SSL_accept() failed: error:1408A0C1:SSL
routines:ssl3_get_client_hello:no shared cipher,
session=<H8roHLp86psvNZ88>
Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Read auth token secret
from /var/run/dovecot/auth-token-secret.dat
Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: passwd-file
/etc/imap.v_users: Read 1 users in 0 secs
Hi! You have misconfigured service imap-login, remove the 993 listener config (it's there by default) or add ssl = yes to it. Aki On 11.12.2018 11.58, Marco Fioretti wrote:> hello, and some update > short version: the error is still there, but I have some more data to > share, thanks in advance for further advice > > first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is > not an obsolete version. > second... at the moment I can send email through postfix on the same > server, with the > same certificates (almost: I still have to fix some stuff, but is NOT > related to SSL/TLS, e.g > reverse DNS). > > However, running openssl as requested returns "no peer certificate > available", and when > I connect with mutt to dovecot I still get the "no shared cipher" > error. These are the permissions > on the certificate files: > > ls -l /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem > /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem > -r--------. 1 root root 3546 Dec 7 11:59 > /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem > -r--------. 1 root root 1704 Dec 7 11:59 > /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem > > output of openssl, dovecot -n, its current SSL settings and excerpt of > the log file are all below. > > openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993 > CONNECTED(00000003) > 140141825717912:error:14077410:SSL > routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake > failure:s23_clnt.c:769: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 7 bytes and written 305 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.2 > Cipher : 0000 > Session-ID: > Session-ID-ctx: > Master-Key: > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > Start Time: 1544521696 > Timeout : 300 (sec) > Verify return code: 0 (ok) > --- > > current SSL dovecot settings in conf.d/10-ssl.conf > > ssl = yes > > ssl_prefer_server_ciphers = yes > > ssl_dh_parameters_length = 2048 > > sl_min_protocol = TLSv1.2 > > ssl_cert = </etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem > ssl_key = </etc/letsencrypt/archive/<MYSERVER>/privkey1.pem > > ssl_cipher_list = ALL > > output of dovecot -n: > > # OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release > 7.6.1810 (Core) ext4 > # Hostname: SERVER NAME > auth_debug = yes > auth_mechanisms = plain login > auth_verbose = yes > auth_verbose_passwords = plain > mail_location = maildir:/var/mail/mymail_storage/base/ > passdb { > args = /etc/imap.v_users > driver = passwd-file > } > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > } > service imap-login { > inet_listener imap { > port = 0 > } > inet_listener imaps { > port = 993 > } > } > ssl = required > userdb { > args = /etc/imap.v_users > driver = passwd-file > } > verbose_ssl = yes > > > > > > this is the error message I get by when I tried to connect with mutt: > > > Dec 11 08:34:26 MYSERVER dovecot: master: Dovecot v2.2.36 (1f10bfa63) > starting up for imap, pop3, lmtp (core dumps disabled) > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x10, > ret=1: before/accept initialization [my.home.ip.address] > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: > where=0x2001, ret=1: before/accept initialization [my.home.ip.address] > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: SSLv2/v3 read client hello A > [my.home.ip.address] > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Warning: SSL alert: > where=0x4008, ret=552: fatal handshake failure [my.home.ip.address] > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: error [my.home.ip.address] > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: > where=0x2002, ret=-1: error [my.home.ip.address] > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL error: > SSL_accept() failed: error:1408A0C1:SSL > routines:ssl3_get_client_hello: > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Disconnected > (disconnected before auth was ready, waited 0 secs): user=<>, > rip=my.home.ip.address, lip=my.vps.ip.address, TLS hands > haking: SSL_accept() failed: error:1408A0C1:SSL > routines:ssl3_get_client_hello:no shared cipher, > session=<H8roHLp86psvNZ88> > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Loading modules from > directory: /usr/lib64/dovecot/auth > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: > /usr/lib64/dovecot/auth/libdriver_sqlite.so > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Read auth token secret > from /var/run/dovecot/auth-token-secret.dat > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: passwd-file > /etc/imap.v_users: Read 1 users in 0 secs
Hello Aki,
maybe I misunderstood you, but both adding an "ssl = yes" line to this
section of dovecot.conf, and commenting out the whole "four lines
starting at "inet_listener imaps" do not have any effect :
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
ssl = yes
}
}
this is the error I still get after restarting dovecot, and trying
again to connect with mutt:
ogin: Debug: SSL: where=0x10, ret=1: before/accept initialization
[my.home.ip.address]
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL:
where=0x2001, ret=1: before/accept initialization [my.home.ip.address]
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv2/v3 read client hello A
[my.home.ip.address]
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Warning: SSL alert:
where=0x4008, ret=552: fatal handshake failure [my.home.ip.address]
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: error [my.home.ip.address]
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL:
where=0x2002, ret=-1: error [my.home.ip.address]
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Debug: SSL error:
SSL_accept() failed: error:1408A0C1:SSL
routines:ssl3_get_client_hello:no shared cipher
Dec 11 11:06:47 SERVERNAME dovecot: imap-login: Disconnected
(disconnected before auth was ready, waited 0 secs): user=<>,
rip=my.home.ip.address, lip=server.ip.address, TLS handshaking:
SSL_accept() failed: error:1408A0C1:SSL
routines:ssl3_get_client_hello:no shared cipher,
session=<zdRFPbx8xp4vNZ88>
Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: Read auth token
secret from /var/run/dovecot/auth-token-secret.dat
Dec 11 11:06:47 SERVERNAME dovecot: auth: Debug: passwd-file
/etc/imap.v_users: Read 1 users
Il giorno mar 11 dic 2018 alle ore 11:01 Aki Tuomi
<aki.tuomi at open-xchange.com> ha scritto:>
> Hi!
>
> You have misconfigured service imap-login, remove the 993 listener
> config (it's there by default) or add ssl = yes to it.
>
> Aki
>
> On 11.12.2018 11.58, Marco Fioretti wrote:
> > hello, and some update
> > short version: the error is still there, but I have some more data to
> > share, thanks in advance for further advice
> >
> > first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is
> > not an obsolete version.
> > second... at the moment I can send email through postfix on the same
> > server, with the
> > same certificates (almost: I still have to fix some stuff, but is NOT
> > related to SSL/TLS, e.g
> > reverse DNS).
> >
> > However, running openssl as requested returns "no peer
certificate
> > available", and when
> > I connect with mutt to dovecot I still get the "no shared
cipher"
> > error. These are the permissions
> > on the certificate files:
> >
> > ls -l /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem
> > /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem
> > -r--------. 1 root root 3546 Dec 7 11:59
> > /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem
> > -r--------. 1 root root 1704 Dec 7 11:59
> > /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem
> >
> > output of openssl, dovecot -n, its current SSL settings and excerpt of
> > the log file are all below.
> >
> > openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993
> > CONNECTED(00000003)
> > 140141825717912:error:14077410:SSL
> > routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
> > failure:s23_clnt.c:769:
> > ---
> > no peer certificate available
> > ---
> > No client certificate CA names sent
> > ---
> > SSL handshake has read 7 bytes and written 305 bytes
> > ---
> > New, (NONE), Cipher is (NONE)
> > Secure Renegotiation IS NOT supported
> > Compression: NONE
> > Expansion: NONE
> > No ALPN negotiated
> > SSL-Session:
> > Protocol : TLSv1.2
> > Cipher : 0000
> > Session-ID:
> > Session-ID-ctx:
> > Master-Key:
> > Key-Arg : None
> > PSK identity: None
> > PSK identity hint: None
> > SRP username: None
> > Start Time: 1544521696
> > Timeout : 300 (sec)
> > Verify return code: 0 (ok)
> > ---
> >
> > current SSL dovecot settings in conf.d/10-ssl.conf
> >
> > ssl = yes
> >
> > ssl_prefer_server_ciphers = yes
> >
> > ssl_dh_parameters_length = 2048
> >
> > sl_min_protocol = TLSv1.2
> >
> > ssl_cert =
</etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem
> > ssl_key = </etc/letsencrypt/archive/<MYSERVER>/privkey1.pem
> >
> > ssl_cipher_list = ALL
> >
> > output of dovecot -n:
> >
> > # OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release
> > 7.6.1810 (Core) ext4
> > # Hostname: SERVER NAME
> > auth_debug = yes
> > auth_mechanisms = plain login
> > auth_verbose = yes
> > auth_verbose_passwords = plain
> > mail_location = maildir:/var/mail/mymail_storage/base/
> > passdb {
> > args = /etc/imap.v_users
> > driver = passwd-file
> > }
> > service auth {
> > unix_listener /var/spool/postfix/private/auth {
> > group = postfix
> > mode = 0660
> > user = postfix
> > }
> > }
> > service imap-login {
> > inet_listener imap {
> > port = 0
> > }
> > inet_listener imaps {
> > port = 993
> > }
> > }
> > ssl = required
> > userdb {
> > args = /etc/imap.v_users
> > driver = passwd-file
> > }
> > verbose_ssl = yes
> >
> >
> >
> >
> >
> > this is the error message I get by when I tried to connect with mutt:
> >
> >
> > Dec 11 08:34:26 MYSERVER dovecot: master: Dovecot v2.2.36 (1f10bfa63)
> > starting up for imap, pop3, lmtp (core dumps disabled)
> > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x10,
> > ret=1: before/accept initialization [my.home.ip.address]
> > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL:
> > where=0x2001, ret=1: before/accept initialization [my.home.ip.address]
> > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL:
> > where=0x2002, ret=-1: SSLv2/v3 read client hello A
> > [my.home.ip.address]
> > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Warning: SSL alert:
> > where=0x4008, ret=552: fatal handshake failure [my.home.ip.address]
> > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL:
> > where=0x2002, ret=-1: error [my.home.ip.address]
> > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL:
> > where=0x2002, ret=-1: error [my.home.ip.address]
> > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL error:
> > SSL_accept() failed: error:1408A0C1:SSL
> > routines:ssl3_get_client_hello:
> > Dec 11 08:34:34 MYSERVER dovecot: imap-login: Disconnected
> > (disconnected before auth was ready, waited 0 secs): user=<>,
> > rip=my.home.ip.address, lip=my.vps.ip.address, TLS hands
> > haking: SSL_accept() failed: error:1408A0C1:SSL
> > routines:ssl3_get_client_hello:no shared cipher,
> > session=<H8roHLp86psvNZ88>
> > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Loading modules from
> > directory: /usr/lib64/dovecot/auth
> > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded:
> > /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
> > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded:
> > /usr/lib64/dovecot/auth/libdriver_sqlite.so
> > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Read auth token secret
> > from /var/run/dovecot/auth-token-secret.dat
> > Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: passwd-file
> > /etc/imap.v_users: Read 1 users in 0 secs
Ah, the actual problem appears to be that you are not including the conf.d directory at all in your config, so you are ending up with no certificate at all. This is handled better in 2.3.x. Aki On 11.12.2018 12.01, Aki Tuomi wrote:> Hi! > > You have misconfigured service imap-login, remove the 993 listener > config (it's there by default) or add ssl = yes to it. > > Aki > > On 11.12.2018 11.58, Marco Fioretti wrote: >> hello, and some update >> short version: the error is still there, but I have some more data to >> share, thanks in advance for further advice >> >> first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is >> not an obsolete version. >> second... at the moment I can send email through postfix on the same >> server, with the >> same certificates (almost: I still have to fix some stuff, but is NOT >> related to SSL/TLS, e.g >> reverse DNS). >> >> However, running openssl as requested returns "no peer certificate >> available", and when >> I connect with mutt to dovecot I still get the "no shared cipher" >> error. These are the permissions >> on the certificate files: >> >> ls -l /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem >> /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem >> -r--------. 1 root root 3546 Dec 7 11:59 >> /etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem >> -r--------. 1 root root 1704 Dec 7 11:59 >> /etc/letsencrypt/archive/<MYSERVER>/privkey1.pem >> >> output of openssl, dovecot -n, its current SSL settings and excerpt of >> the log file are all below. >> >> openssl s_client -host MY.ACTUAL.HOSTNAME.HERE -port 993 >> CONNECTED(00000003) >> 140141825717912:error:14077410:SSL >> routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake >> failure:s23_clnt.c:769: >> --- >> no peer certificate available >> --- >> No client certificate CA names sent >> --- >> SSL handshake has read 7 bytes and written 305 bytes >> --- >> New, (NONE), Cipher is (NONE) >> Secure Renegotiation IS NOT supported >> Compression: NONE >> Expansion: NONE >> No ALPN negotiated >> SSL-Session: >> Protocol : TLSv1.2 >> Cipher : 0000 >> Session-ID: >> Session-ID-ctx: >> Master-Key: >> Key-Arg : None >> PSK identity: None >> PSK identity hint: None >> SRP username: None >> Start Time: 1544521696 >> Timeout : 300 (sec) >> Verify return code: 0 (ok) >> --- >> >> current SSL dovecot settings in conf.d/10-ssl.conf >> >> ssl = yes >> >> ssl_prefer_server_ciphers = yes >> >> ssl_dh_parameters_length = 2048 >> >> sl_min_protocol = TLSv1.2 >> >> ssl_cert = </etc/letsencrypt/archive/<MYSERVER>/fullchain1.pem >> ssl_key = </etc/letsencrypt/archive/<MYSERVER>/privkey1.pem >> >> ssl_cipher_list = ALL >> >> output of dovecot -n: >> >> # OS: Linux 3.10.0-957.1.3.el7.x86_64 x86_64 CentOS Linux release >> 7.6.1810 (Core) ext4 >> # Hostname: SERVER NAME >> auth_debug = yes >> auth_mechanisms = plain login >> auth_verbose = yes >> auth_verbose_passwords = plain >> mail_location = maildir:/var/mail/mymail_storage/base/ >> passdb { >> args = /etc/imap.v_users >> driver = passwd-file >> } >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> } >> service imap-login { >> inet_listener imap { >> port = 0 >> } >> inet_listener imaps { >> port = 993 >> } >> } >> ssl = required >> userdb { >> args = /etc/imap.v_users >> driver = passwd-file >> } >> verbose_ssl = yes >> >> >> >> >> >> this is the error message I get by when I tried to connect with mutt: >> >> >> Dec 11 08:34:26 MYSERVER dovecot: master: Dovecot v2.2.36 (1f10bfa63) >> starting up for imap, pop3, lmtp (core dumps disabled) >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: where=0x10, >> ret=1: before/accept initialization [my.home.ip.address] >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: >> where=0x2001, ret=1: before/accept initialization [my.home.ip.address] >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: >> where=0x2002, ret=-1: SSLv2/v3 read client hello A >> [my.home.ip.address] >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Warning: SSL alert: >> where=0x4008, ret=552: fatal handshake failure [my.home.ip.address] >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: >> where=0x2002, ret=-1: error [my.home.ip.address] >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL: >> where=0x2002, ret=-1: error [my.home.ip.address] >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Debug: SSL error: >> SSL_accept() failed: error:1408A0C1:SSL >> routines:ssl3_get_client_hello: >> Dec 11 08:34:34 MYSERVER dovecot: imap-login: Disconnected >> (disconnected before auth was ready, waited 0 secs): user=<>, >> rip=my.home.ip.address, lip=my.vps.ip.address, TLS hands >> haking: SSL_accept() failed: error:1408A0C1:SSL >> routines:ssl3_get_client_hello:no shared cipher, >> session=<H8roHLp86psvNZ88> >> Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Loading modules from >> directory: /usr/lib64/dovecot/auth >> Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: >> /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so >> Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Module loaded: >> /usr/lib64/dovecot/auth/libdriver_sqlite.so >> Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: Read auth token secret >> from /var/run/dovecot/auth-token-secret.dat >> Dec 11 08:34:34 MYSERVER dovecot: auth: Debug: passwd-file >> /etc/imap.v_users: Read 1 users in 0 secs