Dovecot and TLSv1 on ubuntu 22.04

Aki Tuomi aki.tuomi at open-xchange.com
Thu Nov 24 10:35:46 UTC 2022


Try setting SECLEVEL=0, also 2.3 is not officially supported by us on Ubuntu 22, so if it does not work, you'll have to bug the package maintainers.

Aki

> On 24/11/2022 12:31 EET Six002 <six002 at protonmail.com> wrote:
> 
> 
> Hello,
> I have ubuntu 22.04, dovecot 2.3.16 and old email client (Outlook 2013) and their dont support TLSv1_2.
> In dovecot 10-ssl.conf i put: ssl_min_protocol = TLSv1, 
> in openssl.cnf i have:
> openssl_conf = default_conf
> [ default_conf ]
> ssl_conf = ssl_section
> [ssl_section]
> system_default = ssl_default_sectq
> [ssl_default_sect]
> MinProtocol = TLSv1
> CipherString = DEFAULT:@SECLEVEL=1
> 
> but when i check openssl s_client -connect localhost:993 -tls1_1
> have output:
> 
> CONNECTED(00000003)
> 803BD26AC67F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:308:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 111 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
> Protocol : TLSv1.1
> Cipher : 0000
> Session-ID:
> Session-ID-ctx:
> Master-Key:
> PSK identity: None
> PSK identity hint: None
> SRP username: None
> Start Time: 1668602712
> Timeout : 7200 (sec)
> Verify return code: 0 (ok)
> Extended master secret: no
> ---
> 
> version tls1_2 and 1_3 works fine.
> What I doing wrong?
> Thanks for help.
>


More information about the dovecot mailing list