24 Nov
2022
24 Nov
'22
11:35 a.m.
Try setting SECLEVEL=0, also 2.3 is not officially supported by us on Ubuntu 22, so if it does not work, you'll have to bug the package maintainers.
Aki
On 24/11/2022 12:31 EET Six002 six002@protonmail.com wrote:
Hello, I have ubuntu 22.04, dovecot 2.3.16 and old email client (Outlook 2013) and their dont support TLSv1_2. In dovecot 10-ssl.conf i put: ssl_min_protocol = TLSv1, in openssl.cnf i have: openssl_conf = default_conf [ default_conf ] ssl_conf = ssl_section [ssl_section] system_default = ssl_default_sectq [ssl_default_sect] MinProtocol = TLSv1 CipherString = DEFAULT:@SECLEVEL=1
but when i check openssl s_client -connect localhost:993 -tls1_1 have output:
CONNECTED(00000003) 803BD26AC67F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:308:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 111 bytes Verification: OK
New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.1 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1668602712 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no
version tls1_2 and 1_3 works fine. What I doing wrong? Thanks for help.