similar to: doveadm ssl error when upgrading from 2.2.27 to 2.2.29

On Thu, Jun 08, 2017 at 11:06:01AM +0300, Aki Tuomi wrote: > > > On 07.06.2017 15:16, Pallissard, Matthew wrote: > > I'm starting to see the following error when upgrading from 2.2.27 to 2.2.29. > > > > doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared

On 07.06.2017 15:16, Pallissard, Matthew wrote: > I'm starting to see the following error when upgrading from 2.2.27 to 2.2.29. > > doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher > > Downgrading from 2.2.27 resolves, error still persists in 2.2.28. >

I'm starting to see the following error from doveadm when upgrading from 2.2.27 to 2.2.29. > doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher I'm using a cert/key with the following curve. ASN1 OID: prime256v1 NIST CURVE: P-256 Downgrading to 2.2.27

Recently thunderbird and Dovecot IMAPS cannot agree on SSL however Evolution, on the exact same system, is working fine with the same accounts. Tried recreating the Dovecot cert and also the thunderbird accounts from scratch. The OpenSSL raw client works fine as well. Would someone also confirm the openssl commands to create a selfsigned cert for dovecot imaps. They cert created does work

Hello, This is a selfsigned cert. Both of the below methods were used. May I ask for 1. pointer to info setting up "intermediate certs" and where the certfile goes? The objective is to generate a self-signed cert and use it for just internal use with IMAPS dovecot. Separately, what are your thoughts as to why evolution works and thunderbird does not? Thank you, ==1 openssl

Hi, Have anyone else experienced problems using Dovecot with the mail app in beta releases of iOS/iPadOS 13? TLS is failing for my, it have worked fine for years and I am on the latest Dovecot version now, it works fine with older clients but not with the ones upgraded: Sep 04 19:49:16 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization Sep 04 19:49:16 imap-login: Debug:

I would expect the public cert to be imported as a "server" not an "auth" The attached image shows that TBird wants an httpS url for a webserver, for the source. Ages ago, I think it prompted for "do you want to trust this new cert" and YES added it (assuming that is the public key) to the server list.? A bit confused by this. <see attached thunderbird

hello, and some update short version: the error is still there, but I have some more data to share, thanks in advance for further advice first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is not an obsolete version. second... at the moment I can send email through postfix on the same server, with the same certificates (almost: I still have to fix some stuff, but is NOT related to

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

hi I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( I tried to test using following scenario: machine: debian 6 (x64) dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing)

I'm trying to move from my exising server to a new site. In preparation for this I've set up the new server as per the first attachment. I've added additional (temporary) setting to the new site as per these instructions https://wiki2.dovecot.org/Migration/Dsync but when I try to do a backup with the following command from the old to the new site sudo doveadm -D -o

Greetings, I have had to reinstall my email server on another Linux (centos 7.6) VPS, with a newer version of dovecot, other software and a brand new letsencrypt certificate just for email withpostfix and dovecot (that certificate works fine with postfix). Output of dovecot --version and dovecot -n on the new server is below. Now, messages ARE delivered in the right IMAP mailboxes, but when I try

Hi, the actual OpenSSL version detection in dovecot is insufficient. The implementation only checks for SSL_CTRL_SET_ECDH_AUTO. That was effective for OpenSSL 1.0.2, but in 1.1.0 it is removed. Thats the code part: #ifdef SSL_CTRL_SET_ECDH_AUTO /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter selection. */ SSL_CTX_set_ecdh_auto(ssl_ctx, 1);

Hi, I can no longer connect to Dovecot (IMAP). The connection is terminated by Dovecot after Client Helo. My server: Dovecot 2.3.3 Debian buster/sid Architecture: ppc My problems started in late August after upgrading Dovecot. SSL settings: ssl_dh = </etc/ssl/dh2048.pem ssl_min_protocol = TLSv1.2 ssl_cipher_list =

Hello. Few days ago upgraded from v2.2.26.0 >v2.2.27 and now windows 10, with any outlook version (2007,2010,2013,2016) doesn't connect IMAP SSL: Dec 12 12:29:35 server dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 12 12:29:35 server dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key

Hello, I would like to know if dovecot/pigeonhole provide a way to do sieve redirection with sender rewriting scheme (srs)? I apologize in advance if that e-mail address isn't meant for assistance, but I've asked on the official irc channel on freenode and was told to direct my query to dovecot at dovecot.org, I hope you won't mind. Thanking you in advance Best Regards

Dear Team I have faced issue with email downloading in the email client by using pop3 SSL port 995 in dovecot v2.1.17 for outlook client 2016 on production environment. As per my troubleshooting on my test environment, I have upgraded dovecot version v2.2.28, and changed paramer "ssl_dh_parameters_length = 2048" and "verbose_ssl = yes", The issue seems to be resolved in

Hi, I'm having some problem with llvm-mc on a program after applying a pass: ../../../build/Release+Asserts/bin/clang -emit-llvm -c -I./testprof/ -I./src/headers/ -I../libtommath-0.42.0/ -Wall -Wsign-compare -W -Wshadow -Wno-unused-parameter -DLTC_SOURCE -O0 -DLTC_NO_ASM -DUSE_LTM -DLTM_DESC -o src/pk/asn1/der/sequence/der_encode_sequence_ex.bc

Something is adding a bogus comment string. Specifically " # %case^M18 ", where "^M" is a single ctrl-M character. The ^M is seen by the asm parser as an end-of-line, so the '18' is a new token at the start of a line, not part of the comment. Is your pass perhaps using label names which might include literal "^M" characters? -Jim On Jun 13, 2012, at