search for: tls_post_process_client_hello

I'm starting to see the following error when upgrading from 2.2.27 to 2.2.29. doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher Downgrading from 2.2.27 resolves, error still persists in 2.2.28. I'm using openssl 1.1.0.f and an ec cert/key with the following curve. ASN1 OID: prime256v1 NIST CURVE: P-256 Does anyone know anything about this off the top of their head? If not I'll try to git-bis...

...t; > > On 07.06.2017 15:16, Pallissard, Matthew wrote: > > I'm starting to see the following error when upgrading from 2.2.27 to 2.2.29. > > > > doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher > > > > Downgrading from 2.2.27 resolves, error still persists in 2.2.28. > > > > I'm using openssl 1.1.0.f and an ec cert/key with the following curve. > > ASN1 OID: prime256v1 > > NIST CURVE: P-256 > > > > > > Does any...

....0 fails, the curve selection will be forced to use secp384r1 like it would be on older versions. This curve change during negotiation breaks the connect for Android7 devices. They are not able to negotiate any ECDHE cipher. The dovecot log shows: ...SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher... but here it is not a cipher problem. Instead it is a curve problem. This is most relevant if the server is suited with an ECDSA-Certificate. Than no TLS negotiation is possible. There should be added a more sufficient check for the OpenSSL version. If using OpenSSL 1.1.0*, th...

I'm starting to see the following error from doveadm when upgrading from 2.2.27 to 2.2.29. > doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher I'm using a cert/key with the following curve. ASN1 OID: prime256v1 NIST CURVE: P-256 Downgrading to 2.2.27 resolves the issue. Does anyone know about this off the top of their head? If not I'll try to git-bisect 2.2.27->2.2.28 for any offending commits later on...

On 07.06.2017 15:16, Pallissard, Matthew wrote: > I'm starting to see the following error when upgrading from 2.2.27 to 2.2.29. > > doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher > > Downgrading from 2.2.27 resolves, error still persists in 2.2.28. > > I'm using openssl 1.1.0.f and an ec cert/key with the following curve. > ASN1 OID: prime256v1 > NIST CURVE: P-256 > > > Does anyone know anything about this off the top of t...