Recommended Protocols?

Chris Bennett chris-dvcot at freedomforlife.rocks
Tue Nov 10 22:18:47 EET 2020


On Tue, Nov 10, 2020 at 09:07:37AM -0600, Raymond Herrera wrote:
> 
> I have arrived to a preliminary conclusion. The error that I am getting is
> this:
> 
> dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL
> routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
> 

SSLv3 is no longer considered safe. You shouldn't use it. If the mail
client program can't use something newer (I only allow TLSv2 and TLSv3),
I would question whether it's a good choice. Because runaway spam is the
kiss of death with blacklisting and IP reputation.

Isn't sslv3 disallowed in the default config???

If it's only for reading and not sending mail, then just manually set it
up as sslv3 allowed.

Hopefully this is helpful. Debug logs can be helpful \o/, or just confusing
 :-[ but they are long to read through.

Good luck!
Chris Bennett




More information about the dovecot mailing list