similar to: Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK

Hello, This is a selfsigned cert. Both of the below methods were used. May I ask for 1. pointer to info setting up "intermediate certs" and where the certfile goes? The objective is to generate a self-signed cert and use it for just internal use with IMAPS dovecot. Separately, what are your thoughts as to why evolution works and thunderbird does not? Thank you, ==1 openssl

I would expect the public cert to be imported as a "server" not an "auth" The attached image shows that TBird wants an httpS url for a webserver, for the source. Ages ago, I think it prompted for "do you want to trust this new cert" and YES added it (assuming that is the public key) to the server list.? A bit confused by this. <see attached thunderbird

<!doctype html> <html><head> <meta charset="UTF-8"> </head><body><div>I see. You need to import the cert into thundebird's trusted ca certs.</div><div><br></div><div>Aki</div><blockquote type="cite"><div>On 30/04/2020 21:36 <a

<!doctype html> <html><head> <meta charset="UTF-8"> </head><body><div><br></div><blockquote type="cite"><div>On 30/04/2020 14:49 <a href="mailto:hanasaki@gmail.com">hanasaki@gmail.com</a> <<a href="mailto:hanasaki@gmail.com">hanasaki@gmail.com</a>>

Hello all, What are the instructions for making an SSL cert for Dovecot IMAPS? Two methods have been tried, and work, with Evolution; however generate the following error when Thunderbird tries to connect. Thank you, method 1 : self signed openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout mykey.key -out mycert.pem method 2 : Let's Encrypt (LE) CA Created with Certbot

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

Hello, after an upgrade of the dovecot server, I can not use SSL connections. Can you help me solving the issue? When googling for the error, there is an opinion that the client is broken (in my case Thunderbird, 3.1.3), but I rather see the issue in the server, because I was upgrading my gentoo box by hand, and the secure imap stopped to work after that. Is there a more verbose SSL logging

hi I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( I tried to test using following scenario: machine: debian 6 (x64) dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing)

Hello, After client (Thunderbird, now version 31.0) updated today, it stopped connecting to Dovecot IMAP4S. The infamous "SSL alert number 42" is reported. Mail server uses local (created for intranet) CA certificate as root. I would appreciate pieces of advice on how to handle that without enabling plaintext authentication over insecure channels. Other intranet services work with

Hi, Have anyone else experienced problems using Dovecot with the mail app in beta releases of iOS/iPadOS 13? TLS is failing for my, it have worked fine for years and I am on the latest Dovecot version now, it works fine with older clients but not with the ones upgraded: Sep 04 19:49:16 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization Sep 04 19:49:16 imap-login: Debug:

Hi, I have, in one customer, a web server running on a Verisign-signed certificate SSL certificate. Everything works fine, IE and Firefox connects on https without asking anything, which usually happens on self-signed certificates. I'm trying to use that certificate on dovecot, but clients (Thunderbird basically) keeps saying the certificate is not valid. yes i'm using,

Evolution prompted to accept the cert; which I did. Thunderbird used to prompt and allow acceptance; it no longer does... well sorta does. See my other posting for a screenshot where it shows "add server location https:// ...." HTTPS . no way to add from SMTP. Have also tried typing smtp://host:25 and https://host:25 On 4/30/20 5:39 PM, Joseph Tam wrote: > On Thu, 30 Apr 2020,

On 08 May 2020, at 09:43, Steve Egbert <s.egbert at sbcglobal.net> wrote: > I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. There is no need to disable TLSv1.3 and attempts to do so will be flagged as ?downgrade attacks?. > Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. >

Hello, I came across a strange problem with my Dovecot 2.1.7 installation (updated Debian Wheezy) in regards to SSL/TLS connections. My configuration is as follows: $ dovecot -n | grep ssl service imap-login { ssl = yes ... } ssl_cert = <...... ssl_cipher_list =

Also, more testimony to the same problem (by others) is posted over at ServerFault (StackOverflow): https://serverfault.com/questions/975871/forcing-dovecot-2-3-4-1-to-use-tlsv1-2 On 5/8/20 11:50 AM, Steve Egbert wrote: > I have an operational need to disable TLSv1.3 due to inadequate support > to exclude certain ciphers. > > Much to my dismay, the `ssl_protocols` had been

hello, and some update short version: the error is still there, but I have some more data to share, thanks in advance for further advice first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is not an obsolete version. second... at the moment I can send email through postfix on the same server, with the same certificates (almost: I still have to fix some stuff, but is NOT related to

Hi everyone, I'm new to this ML. I have some issue with GMail import settings... I run a dovecot server (2.3.4.1) on Debian10 and I try to connect to my accounts from GMail. It's work fine from thunderbird in pop3,pop3s, imap, imaps... Submission work too... But it won't work on GMail except if I set ssl=yes and disable_plaintext_auth = no... Then GMail connect without SSL or

Greetings list, I have recently acquired an Nokia E71 (which comes with Symbian 3rd edition, feature pack 3 I believe). Accessing my emails has worked before, but now, I cannot connect to the mail server any longer. If I enable verbose_ssl, I get the following error in the log: SSL_accept() failed: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message [141.84.69.67] I

Config has ssl_verify_client_cert = no What options might have the client auth turned on? TYIA On 5/24/20 6:40 PM, Felipe Gasper wrote: > From what I can tell, ?SSL alert number 42? means that you?ve configured Dovecot to require client authentication. > > Otherwise, your Let?s Encrypt certificate (with its authority chain) should suffice. > > -FG > >> On May 24,