search for: ssl_

...d Mac clients through disabling ports 993/995 with TLS enabled back to ports 143/110 without SSL or they could not pick up email. Thunderbird users (ie; me) were unaffected. Could anyone share a set of port 993/995 SSL settings known to work with Windows7 and Outlook16 using "dovecot -n|grep ^ssl_" please ? Mine is currently... ssl_ca = </etc/ssl/certs/ca-certificates.crt ssl_cert = </etc/ssl/example.com/fullchain.pem ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_options = no_compression no_ticket ssl_prefer_server_ciphers = yes I have commented...

...g to dovecot with ssl3 causes imap-login to die: >> >> Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal: master: service(imap-login): child 21918 killed with signal 11 (core dumped) [last ip=127.0.0.1] > > I can't reproduce it. I tried it with the same ssl_* settings you had. Can you get a gdb backtrace from the crash? It says "core dumped", so I guess there should be a core file somewhere. http://dovecot.org/bugreport.html has some more info on how to get it. Thank you for your interest, here is a dbx trace. This was with OpenSSL 1.0.2a...

...143/NONE could help pick up the >>> mail. > > windows 7 just need tls 1.0, why its need to disabled all, is as well > beyong me, do not disable tls 1.0 in dovecot aslong one have windows > 7 clients Would anyone with Windows7 clients be able to provide me with the EXACT set of ssl_* settings that should work with W7 please? I tried for a week with various combinations but nothing worked short of disabling SSL altogether. These are the remnants of some attempts... # 20200531 suggested by Aki Tuomi #ssl_min_protocol = TLSv1.0 #ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL # http...

...Start Time: 1426851034 Timeout : 7200 (sec) Verify return code: 0 (ok) --- syslog: Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal: master: service(imap-login): child 21918 killed with signal 11 (core dumped) [last ip=127.0.0.1] dovecot.conf had: ssl_protocols = !SSLv2 !SSLv3 removing that line stops the core dump and syslog then shows: Mar 20 11:36:25 MAILHOST dovecot: [ID 583609 mail.info] imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept()...

...> Connecting to dovecot with ssl3 causes imap-login to die: > > Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal: master: service(imap-login): child 21918 killed with signal 11 (core dumped) [last ip=127.0.0.1] I can't reproduce it. I tried it with the same ssl_* settings you had. Can you get a gdb backtrace from the crash? It says "core dumped", so I guess there should be a core file somewhere. http://dovecot.org/bugreport.html has some more info on how to get it. > dovecot.conf had: > ssl_protocols = !SSLv2 !SSLv3 > > removing tha...

>But can you explain why you use globally: > >ssl_cert = </etc/ssl/dovecot.pem >ssl_key = </etc/ssl/private/dovecot.pem > >and certs for any additional Domain each? > >## >local_name mail.pettijohn-web.com { > ssl_cert = </etc/ssl/mail.pettijohn-web.com.crt > ssl_key = </etc/ssl/private/mail.pettijohn-web.com...

...ail.app with POP3s and IMAPs (both SSL). But not for Thunderbird (1.5.0.5) and Opera (latest). Setting "verbose_ssl=yes" and "auth_debug=yes" in the configuration gives this error from a Thunderbird login: Aug 16 14:16:28 credo dovecot: [ID 107833 mail.warning] pop3-login: SSL_accept() failed: error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable [85.225.200.123] Aug 16 14:16:28 credo dovecot: [ID 107833 mail.info] pop3-login: Disconnected: rip=85.225.200.123, lip=195.198.174.212, TLS Aug 16 14:16:29 credo dovecot: [ID 107833 mail.warning] pop3-l...

On 21/03/2015 10:00, James wrote: >>> the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do what I >>> thought the ssl_protocols setting did. >>> Do I still need, if I ever needed, the "ssl_protocols = " setting? >> >> All these ssl_* settings just go to OpenSSL without Dovecot (or I) >> knowing all that much about them. I think you still need it, but maybe >> it's beca...

Am 21.03.2015 um 11:51 schrieb James: > On 21/03/2015 10:00, James wrote: > >>>> the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do what I >>>> thought the ssl_protocols setting did. >>>> Do I still need, if I ever needed, the "ssl_protocols = " setting? >>> >>> All these ssl_* settings just go to OpenSSL without Dovecot (or I) >>> knowing all that much about them. I think you still need it, but maybe >&g...

Hi, the actual OpenSSL version detection in dovecot is insufficient. The implementation only checks for SSL_CTRL_SET_ECDH_AUTO. That was effective for OpenSSL 1.0.2, but in 1.1.0 it is removed. Thats the code part: #ifdef SSL_CTRL_SET_ECDH_AUTO /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter selection. */ SSL_CTX_set_ecdh_auto(ssl_ctx, 1); #else...

...pick up email. Thunderbird users (ie; me) were unaffected. </div> <div> <br> </div> <div> Could anyone share a set of port 993/995 SSL settings known to work </div> <div> with Windows7 and Outlook16 using "dovecot -n|grep ^ssl_" please ? </div> <div> <br> </div> <div> Mine is currently... </div> <div> <br> </div> <div> ssl_ca = </etc/ssl/certs/ca-certificates.crt </div> <div> ssl_cert = </et...

...t; 993/995 with TLS enabled back to ports 143/110 without SSL or they >> could not pick up email. Thunderbird users (ie; me) were unaffected. >> >> Could anyone share a set of port 993/995 SSL settings known to work >> with Windows7 and Outlook16 using "dovecot -n|grep ^ssl_" please ? >> >> Mine is currently... >> >> ssl_ca = </etc/ssl/certs/ca-certificates.crt >> ssl_cert = </etc/ssl/example.com/fullchain.pem >> ssl_dh = # hidden, use -P to show it >> ssl_key = # hidden, use -P to show it >> ssl_options = no_c...

On Tue Jul 07 2020 02:07:08 GMT-0400 (Eastern Standard Time), Mark Constable <markc at renta.net> wrote: > FWIW I meant if the client is Windows7/old-Outlook then changing either > 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had > to do this for a 100 or so clients a few months ago after upgrading to > Ubuntu 20.04. Really, really bad idea. You just

hi, it seems when dovecot use ldap user and password databases it's not possible to use tls connection and certificate with the ldap connection. wouldn't it be possible to use the same certificate on the ldap connection as used in the ssl_{cert,key}_file parameters in the dovecot conf (or would be possible to use it's own cert in the ldap conf file? yours. -- Levente "Si vis pacem para bellum!"

is it possible to use 2 different sets of ssl certificates, for 2 different hostnames ( e.g. pop.domain.com and imap.domain.com ) ? thank you

Hi there, is there any way to get the imap and pop client to use separate keys? My Thunderbird client complains when I am popping from popss.domain.com that the certificate is owned by imapss.domain.com Any clues here? Cheers, Noah

Hello, It seems that Dovecot ignores the new /ssl_cert and ssl_key /settings. Using them in the dovecot configuration results in the error: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY] Using the old /ssl_//cert//_file/ and /ssl_key_file/ results in their being obs...

I am trying to use my (decrypted) SSL key and certificate in Dovecot. I have changed /etc/dovecot/conf.d/10-ssl.conf like so: ssl_cert = </etc/ssl/private/ssl-chain-mail-mydomain.com.pem ssl_key = </etc/ssl/private/ssl-key-decrypted-mail-mydomain.com.key However, after running service dovecot restart, dovecot -n still says that the files /etc/dovecot/dovecot.pem and /etc/dovecot/private/dovecot.pem are being used. I am...

Hi, I'm migrating a uw-imap installation to dovecot. With uw-imap I had different SSL certificates and keys for ipop3d and imapd. How can I configure dovecot to do the same with its pop3s and imaps services? Thanks in advance, -- _________________________creating IT solutions Michael Weiser science + computing ag bei Eisenbahn und Haefen Postfach 11 02 63 Hagellocher Weg

I'm trying to setup dovecot on Solaris 10. I can get it all working except TLS/SSL. I traced my problem down to the version of openssl that Solaris 10 ships with. The fix is supposed to be to use a newer version of openssl. Without removing the built-in version of openssl I've installed openssl-0.9.8b to /usr/local. When I "./configure" dovecot it seems to always pick up the