Johannes Rohr
2020-Aug-17 09:52 UTC
Apple Mail Since upgrade to dovecot 2.3.x unable to connect
Dear all,

a couple of days ago I upgraded our server from Ubuntu 18.04 to 20.04, thereby upgrading dovecot from 2.2.x to 2.3.x.

Since then, some older versions of Apple's Mail.app (bundled with El Capitan, released in 2016) no longer connect. When I turn on SSL debugging, I see:

    Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
    imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument

Unfortunately, it doesn't reveal the name of the unsupported protocol. Also, what about the failed syscall? Does dovecot try and fail to open some file?

Here are the contents of /etc/dovecot/conf.d/10-ssl.conf:

    ssl = yes
    ssl_cert = </etc/ssl/letsencrypt/idaweb-mail.rooot.de/fullchain.pem
    ssl_key = </etc/ssl/letsencrypt/idaweb-mail.rooot.de/key.pem
    ssl_ca = </etc/ssl/letsencrypt/idaweb-mail.rooot.de/ca.pem
    ssl_client_ca_dir = /etc/ssl/certs
    ssl_dh = </etc/dovecot/dh.pem

I would greatly appreciate any hints!

Cheers,
Johannes
Gregory Heytings
2020-Aug-17 10:11 UTC
Apple Mail Since upgrade to dovecot 2.3.x unable to connect
> ssl_cert = </etc/ssl/letsencrypt/idaweb-mail.rooot.de/fullchain.pem
> ssl_key = </etc/ssl/letsencrypt/idaweb-mail.rooot.de/key.pem
> ssl_ca = </etc/ssl/letsencrypt/idaweb-mail.rooot.de/ca.pem

This is wrong, it should be:

    ssl_cert = </etc/letsencrypt/live/idaweb-mail.rooot.de/fullchain.pem
    ssl_key = </etc/letsencrypt/live/idaweb-mail.rooot.de/privkey.pem

The address idaweb-mail.rooot.de does not resolve. There is a webmail.rooot.de, but its certificate is for mail.rooot.de, which is wrong. There is also a mail.rooot.de, whose certificate is also for mail.rooot.de, which is okay.

Yet another possibility (but it seems less likely given that an Apple Mail from 2016 is a reasonably recent mail client) is that it does not support recent enough SSL protocols, which were enforced by your server upgrade. See the entries for MinProtocol and CipherString in the openssl.cnf file on the server.

Gregory
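
Added example, not part of the original thread: one way to carry out the openssl.cnf check suggested at the end of the reply above, by following the section chain to the system default section and reading MinProtocol and the SECLEVEL in CipherString. The sample file contents, the function names and the client protocol values are constructed for illustration and are not taken from the poster's server.

```python
import re

# Constructed sample in the openssl.cnf section layout; not the poster's file.
SAMPLE_CNF = """\
# system-wide OpenSSL defaults
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2
"""

PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # oldest first

def parse_cnf(text):
    """Return {section: {key: value}}; keys before any header go in ''."""
    sections, name = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            name = header.group(1)
            sections.setdefault(name, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[name][key] = value
    return sections

def tls_floor(text):
    """Return (MinProtocol, SECLEVEL) from the system default section, None where unset."""
    sections = parse_cnf(text)
    name = sections[""].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):       # follow the pointer chain
        name = sections.get(name, {}).get(key)
    sect = sections.get(name, {})
    level = re.search(r"@SECLEVEL=(\d)", sect.get("CipherString", ""))
    return sect.get("MinProtocol"), int(level.group(1)) if level else None

def handshake_allowed(client_max, min_protocol):
    """True if a client whose newest protocol is client_max meets the configured floor."""
    if min_protocol in (None, "None"):               # no floor set in this file
        return True
    return PROTOCOLS.index(client_max) >= PROTOCOLS.index(min_protocol)
```

To check a real server, pass the text of its openssl.cnf to `tls_floor()` in place of `SAMPLE_CNF`.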