On Thu, Jun 08, 2017 at 11:06:01AM +0300, Aki Tuomi wrote:
On 07.06.2017 15:16, Pallissard, Matthew wrote:
I'm starting to see the following error when upgrading from 2.2.27 to 2.2.29.
doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
Downgrading from 2.2.27 resolves, error still persists in 2.2.28.
I'm using openssl 1.1.0.f and an ec cert/key with the following curve.
ASN1 OID: prime256v1
NIST CURVE: P-256
Does anyone know anything about this off the top of their head? If not I'll try to git-bisect 2.2.27 -> 2.2.28 and see if I can find any offending commits later on this week.
That would indicate a problem with cipher lists. What are you doing that causes this?
Aki
I'm dealing with a pretty vanilla config.
The only ssl related settings are as follows.
ssl_cert =
local_name domain.com { ssl_cert =
mail_replica = tcps:replica.hostname:port
When I turn up the ssl debug logging all I get is the following.
From the host where mail is being replicated to;
doveadm: Debug: SSL: elliptic curve prime256v1 will be used for ECDH and ECDHE key exchanges
doveadm(replicating.to.this.host): Debug: SSL: where=0x10, ret=1: before SSL initialization
doveadm(replicating.to.this.host): Debug: SSL: where=0x2001, ret=1: before SSL initialization
doveadm(replicating.to.this.host): Debug: SSL: where=0x2002, ret=-1: before SSL initialization
doveadm(replicating.to.this.host): Debug: SSL: where=0x2002, ret=-1: before SSL initialization
doveadm(replicating.to.this.host): Debug: SSL: where=0x2001, ret=1: before SSL initialization
doveadm(replicating.to.this.host): Debug: SSL alert: where=0x4008, ret=552: fatal handshake failure
doveadm(replicating.to.this.host): Debug: SSL: where=0x2002, ret=-1: error
doveadm(replicating.to.this.host): Debug: SSL error: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
doveadm(replicating.to.this.host): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
doveadm(replicating.to.this.host): Debug: SSL error: SSL_accept() syscall failed: Invalid argument

From the host where the mail is being replicated from.
dovecot[5904]: doveadm(matt@pallissard.net): Error: doveadm server disconnected before handshake: Broken pipe
dovecot[5904]: doveadm(matt@pallissard.net): Error: sync: Disconnected from remote: Broken pipe
-- Matt Pallissard
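
Added example, not part of the original thread and not Dovecot code: a small decoder for the where=/ret= pairs in the SSL debug lines above, using the info-callback flag values from OpenSSL's <openssl/ssl.h> and the TLS alert encoding (ret = level << 8 | description). The function names and the SAMPLE list (three lines copied from the log in this thread) are this example's own.

```python
import re

# Info-callback "where" bits as defined in OpenSSL's <openssl/ssl.h>.
WHERE_FLAGS = [
    (0x4000, "SSL_CB_ALERT"), (0x2000, "SSL_ST_ACCEPT"), (0x1000, "SSL_ST_CONNECT"),
    (0x20, "SSL_CB_HANDSHAKE_DONE"), (0x10, "SSL_CB_HANDSHAKE_START"),
    (0x08, "SSL_CB_WRITE"), (0x04, "SSL_CB_READ"),
    (0x02, "SSL_CB_EXIT"), (0x01, "SSL_CB_LOOP"),
]
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of TLS alert descriptions (RFC 5246, section 7.2).
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
                      48: "unknown_ca", 70: "protocol_version",
                      71: "insufficient_security", 80: "internal_error"}
LINE_RE = re.compile(r"where=0x([0-9a-fA-F]+), ret=(-?\d+)")

def decode_where(where):
    """Return the flag names set in a 'where' bitmask, plus any unknown bits."""
    names = [name for bit, name in WHERE_FLAGS if where & bit]
    leftover = where & ~sum(bit for bit, _ in WHERE_FLAGS)
    if leftover:
        names.append(hex(leftover))
    return names

def decode_line(line):
    """Decode one debug line; returns None if it has no where=/ret= pair."""
    m = LINE_RE.search(line)
    if not m:
        return None
    where, ret = int(m.group(1), 16), int(m.group(2))
    out = {"where": decode_where(where), "ret": ret}
    if where & 0x4000:  # alert: ret packs level (high byte) and description (low byte)
        level, desc = ret >> 8, ret & 0xFF
        out["level"] = ALERT_LEVELS.get(level, "unknown(%d)" % level)
        out["description"] = ALERT_DESCRIPTIONS.get(desc, "unknown(%d)" % desc)
        # WRITE means this host sent the alert, READ means the peer sent it.
        out["direction"] = ("sent" if where & 0x08 else
                            "received" if where & 0x04 else "unknown")
    return out

# Lines copied from the replica-side log in this thread.
SAMPLE = [
    "doveadm(replicating.to.this.host): Debug: SSL: where=0x10, ret=1: before SSL initialization",
    "doveadm(replicating.to.this.host): Debug: SSL: where=0x2002, ret=-1: before SSL initialization",
    "doveadm(replicating.to.this.host): Debug: SSL alert: where=0x4008, ret=552: fatal handshake failure",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(decode_line(line))
```

For the where=0x4008, ret=552 line this yields a fatal handshake_failure alert that the replica itself sent (SSL_CB_ALERT | SSL_CB_WRITE), which matches the SSL_accept() "no shared cipher" error logged on that host.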