running dovecot 2.3.18 (current)
can do connection test
# openssl s_client -connect localhost:993 -tls1
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 104 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1649941141
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
and worked ok
currently I have the min version remmed out?
ssl = yes
verbose_ssl = yes
ssl_dh =</usr/local/etc/dovecot/dh-4096.pem
ssl_prefer_server_ciphers = yes
#ssl_min_protocol = TLSv1.2
On 4/12/2022 3:32 PM, Myriam Luce wrote:
Hi, I'm trying to enable TLS1.0 support for an old client. Per
dovecot -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-107-generic x86_64 Ubuntu 20.04.4 LTS ext4
# Hostname:
In 10-ssl.conf, I have set
ssl_min_protocol = TLSv1
(It doesn't show in dovecot -n, I suspect because it's equal to
default value?) I restarted dovecot with systemctl. Then, from
another machine,
openssl s_client -connect zeserver.com:993 -tls1
fails with this output:
CONNECTED(00000003)
140166917489984:error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available:../ssl/statem/statem_clnt.c:1112:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
The same command with -tls1_2 works as intended (certificate
printing, imap prompt).
Am I forgetting something somewhere, or is this an actual bug?
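
An added example, not part of either message in this thread: a small Python classifier for `openssl s_client` output that reports whether a handshake actually completed, based on the "Cipher is", byte-count and error lines seen in both transcripts above. The function name and result labels are this example's own, and the third sample is constructed.

```python
import re

def classify_s_client(output: str) -> str:
    """Say what an `openssl s_client` run achieved, from its text output."""
    flat = " ".join(output.split())  # undo mail line-wrapping inside messages
    cipher = re.search(r"New, (\S+), Cipher is (\S+)", flat)
    if cipher and cipher.group(2) != "(NONE)":
        return "handshake_completed"
    # Raised by the client's own OpenSSL while building the ClientHello:
    # the requested version is disabled locally, so no ClientHello was sent.
    if "tls_construct_client_hello:no protocols available" in flat:
        return "client_refused_protocol"
    counts = re.search(
        r"SSL handshake has read (\d+) bytes and written (\d+) bytes", flat)
    if counts is None:
        return "unparseable"
    read, written = int(counts.group(1)), int(counts.group(2))
    if read == 0 and written > 0:
        return "no_server_reply"  # bytes sent, peer closed without answering
    return "handshake_failed"     # peer answered, but no cipher was agreed

# Abbreviated from the two transcripts in this thread.
REPLY_RUN = """CONNECTED(00000003)
write:errno=0
SSL handshake has read 0 bytes and written 104 bytes
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
"""
ORIGINAL_RUN = """CONNECTED(00000003)
140166917489984:error:141E70BF:SSL
routines:tls_construct_client_hello:no protocols
available:../ssl/statem/statem_clnt.c:1112:
SSL handshake has read 0 bytes and written 7 bytes
New, (NONE), Cipher is (NONE)
"""
# Constructed sample of a completed handshake (not from the thread).
CONSTRUCTED_OK = """CONNECTED(00000003)
SSL handshake has read 3120 bytes and written 402 bytes
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
"""

if __name__ == "__main__":
    for name, text in [("reply", REPLY_RUN), ("original", ORIGINAL_RUN),
                       ("constructed", CONSTRUCTED_OK)]:
        print(f"{name}: {classify_s_client(text)}")
```

The "Verify return code: 0 (ok)" line is printed in all of these cases, so it is deliberately not used as a success signal.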