ssl_min_protocol appears to be ignored?

Myriam Luce luce.myriam at
Tue Apr 12 19:32:43 UTC 2022

Hi, I'm trying to enable TLS1.0 support for an old client. Per dovecot -n

# (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version ()
# OS: Linux 5.4.0-107-generic x86_64 Ubuntu 20.04.4 LTS ext4
# Hostname:

In 10-ssl.conf, I have set

ssl_min_protocol = TLSv1

(It doesn't show in dovecot -n, I suspect because it's equal to default 
value?) I restarted dovecot with systemctl. Then, from another machine,

openssl s_client -connect -tls1

fails with this output:

routines:tls_construct_client_hello:no protocols 
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

The same command with -tls1_2 works as intended (certificate printing, 
imap prompt).

Am I forgetting something somewhere, or is this an actual bug?

More information about the dovecot mailing list