Separate subject, but couldn't help but notice, SSL3 is being used? Wasn't SSL3 retired because of POODLE exploits? Can someone more knowledgeable confirm? On 9/7/21 11:05, Steve Dondley wrote:> > On 2021-09-07 01:25 PM, Amol Kulkarni wrote: > >> Hello, >> After I replaced my certificate with a new one yesterday, I'm seeing >> some ssl related errors. There are successful pop/imap logins using >> SSL also. So I think the certificate?in itself is fine. No user has >> complained as yet, so I don't know for sure. However the count of >> errors has surely increased after installing the new certificate. >> There are 2 errors seen : >> dovecot: imap-login: Disconnected (no auth attempts in 1 secs): >> user=<>, rip=, lip >> =, TLS handshaking: SSL_accept() failed: error:14094416:SSL >> routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert >> number 46, session=<9m0AnVnL >> 2pHf4hso> >> >> >> dovecot: imap-login: Disconnected (no auth attempts in 0 secs): >> user=<>, rip=, lip >> =, TLS: SSL_read() failed: error:14094412:SSL >> routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert >> number 42, session=<ww/b6VfLmeR7yTog> >> Kindly help with some pointers. >> Thanks and Regards, >> Amol > > I assume you tried restarting dovecot, but just in case... >-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20210907/b2e898cb/attachment.html>
nothing comenting about more knowledgable, but ssl3 nobody uses. it is even adviced not to use tls 1.1 and below> Separate subject, but couldn't help but notice, SSL3 is being used? > Wasn't SSL3 retired because of POODLE exploits? Can someone more > knowledgeable confirm? > > > On 9/7/21 11:05, Steve Dondley wrote: > > > On 2021-09-07 01:25 PM, Amol Kulkarni wrote: > > Hello, > > > After I replaced my certificate with a new one yesterday, I'm > seeing some ssl related errors. There are successful pop/imap logins > using SSL also. So I think the certificate in itself is fine. No user > has complained as yet, so I don't know for sure. However the count of > errors has surely increased after installing the new certificate. > There are 2 errors seen : > dovecot: imap-login: Disconnected (no auth attempts in 1 > secs): user=<>, rip=, lip > =, TLS handshaking: SSL_accept() failed: error:14094416:SSL > routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert > number 46, session=<9m0AnVnL > 2pHf4hso> > > > dovecot: imap-login: Disconnected (no auth attempts in 0 > secs): user=<>, rip=, lip > =, TLS: SSL_read() failed: error:14094412:SSL > routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number > 42, session=<ww/b6VfLmeR7yTog> > > Kindly help with some pointers. > > Thanks and Regards, > Amol > > I assume you tried restarting dovecot, but just in case...
On 2021-09-07, N <dundir at gmail.com> wrote:> Separate subject, but couldn't help but notice, SSL3 is being used? > Wasn't SSL3 retired because of POODLE exploits? Can someone more > knowledgeable confirm?"sslv3 alert certificate unknown" does not mean that SSLv3 is used.