Kristijan Savic - ratiokontakt GmbH
2019-Aug-21 13:12 UTC
sometimes no shared cipher after upgrade from 2.2 to 2.3
We recently upgraded from dovecot 2.2 to 2.3.7.1-1 Not many, but some users are experiencing difficulties. The dovecot directors log: Aug 21 14:28:49 director01 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=redacted, lip=10.0.0.120, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<EeoTt5+QXwVUl87W> Any ide what could be causing it? Thanks, Kristijan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part. URL: <https://dovecot.org/pipermail/dovecot/attachments/20190821/65df5128/attachment.sig>
Lefteris Tsintjelis
2019-Aug-21 13:39 UTC
sometimes no shared cipher after upgrade from 2.2 to 2.3
On 21/8/2019 16:12, Kristijan Savic - ratiokontakt GmbH via dovecot wrote:> We recently upgraded from dovecot 2.2 to 2.3.7.1-1 > > Not many, but some users are experiencing difficulties. The dovecot directors > log: > > Aug 21 14:28:49 director01 dovecot: pop3-login: Disconnected (no auth attempts > in 0 secs): user=<>, rip=redacted, lip=10.0.0.120, TLS handshaking: > SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no > shared cipher, session=<EeoTt5+QXwVUl87W> > > Any ide what could be causing it?SSL3 is no longer included in the cipher sets. Try this: ssl_min_protocol = SSLv3
Alexander Dalloz
2019-Aug-21 14:56 UTC
sometimes no shared cipher after upgrade from 2.2 to 2.3
Am 2019-08-21 15:39, schrieb Lefteris Tsintjelis via dovecot: [ ... ]> SSL3 is no longer included in the cipher sets. Try this: > > ssl_min_protocol = SSLv3Instead of doing that I recommend to identify the users and teaching them to use a current OS / mail client. SSLv3 should not be used by anyone. Alexander
Kristijan Savic - ratiokontakt GmbH
2019-Aug-21 15:51 UTC
sometimes no shared cipher after upgrade from 2.2 to 2.3
> SSL3 is no longer included in the cipher sets. Try this: > > ssl_min_protocol = SSLv3Thanks. Unfortunately, no dice - same error. Any other tips? I was under the impression "no shared cipher" was rather the problem? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part. URL: <https://dovecot.org/pipermail/dovecot/attachments/20190821/f31cbf98/attachment-0001.sig>
On 21 Aug 2019, at 07:12, Kristijan Savic - ratiokontakt GmbH <ks at ratiokontakt.de> wrote:> ssl3> Any ide what could be causing it?Old MUAs or bad settings on the MUA. SSLv3 should not be used. You should NOT try to add support for SSLv3. -- "Alas, earwax.?
Possibly Parallel Threads
- sometimes no shared cipher after upgrade from 2.2 to 2.3
- sometimes no shared cipher after upgrade from 2.2 to 2.3
- sometimes no shared cipher after upgrade from 2.2 to 2.3
- Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
- Sieve operation "send copy" not working since upgrade from dovecot 2.2.31-1 to 2.3.5.1-1