Kristijan Savic - ratiokontakt GmbH
2019-Aug-21 15:51 UTC
sometimes no shared cipher after upgrade from 2.2 to 2.3
> SSL3 is no longer included in the cipher sets. Try this: > > ssl_min_protocol = SSLv3Thanks. Unfortunately, no dice - same error. Any other tips? I was under the impression "no shared cipher" was rather the problem? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part. URL: <https://dovecot.org/pipermail/dovecot/attachments/20190821/f31cbf98/attachment-0001.sig>
Lefteris Tsintjelis
2019-Aug-21 16:35 UTC
sometimes no shared cipher after upgrade from 2.2 to 2.3
On 21/8/2019 18:51, Kristijan Savic - ratiokontakt GmbH via dovecot wrote:> >> SSL3 is no longer included in the cipher sets. Try this: >> >> ssl_min_protocol = SSLv3 > > Thanks. Unfortunately, no dice - same error. > > Any other tips? I was under the impression "no shared cipher" was rather the > problem?Yes this is exactly the problem but the error is specific to SSL3 shared ciphers. routines:ssl3_get_client_hello:no shared cipher You may also want to add this ssl_cipher_list = ALL Basically you should focus as to why SSL3 ciphers are not activated. If the above parameter did not work, it is very possible the openssl distribution you have has not included SSL3 support at all. You may have to do some recompiling if this is the case. If your old clients are only from your internal net and you do not provide any ISP like services you may consider upgrading the clients as you will have quite often issues such as this one in the near future as SSL3 support and below is in the process of being dropped from almost everything.
Kristijan Savic - ratiokontakt GmbH
2019-Aug-23 15:17 UTC
sometimes no shared cipher after upgrade from 2.2 to 2.3
> Yes this is exactly the problem but the error is specific to SSL3 shared > ciphers. > > routines:ssl3_get_client_hello:no shared cipher > > You may also want to add this > > ssl_cipher_list = ALL > > Basically you should focus as to why SSL3 ciphers are not activated. If > the above parameter did not work, it is very possible the openssl > distribution you have has not included SSL3 support at all. You may have > to do some recompiling if this is the case. > > If your old clients are only from your internal net and you do not > provide any ISP like services you may consider upgrading the clients as > you will have quite often issues such as this one in the near future as > SSL3 support and below is in the process of being dropped from almost > everything.Thank you for your input and everyone elses. You may be right that any solution wouldn't have much longevity - so we will just tell the affected users that older clients are not supported any longer. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part. URL: <https://dovecot.org/pipermail/dovecot/attachments/20190823/879765e0/attachment.sig>
Maybe Matching Threads
- sometimes no shared cipher after upgrade from 2.2 to 2.3
- sometimes no shared cipher after upgrade from 2.2 to 2.3
- Sieve operation "send copy" not working since upgrade from dovecot 2.2.31-1 to 2.3.5.1-1
- Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas
- Strange behaviour with BLF-CRYPT and SHA*-CRYPT pasword schemas