Re: Error: SSL_accept() syscall failed

In case it helps, here are the results of testssl.sh:

jervin@MiniUntu:~/testssl/testssl.sh$ ./testssl.sh kumo.kites.org:993

########################################################### testssl.sh       3.0rc5 from https://testssl.sh/dev/ (35c69be 2019-10-02 17:53:37 -- )

      This program is free software. Distribution and modification under GPLv2 permitted. USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

       Please file bugs @ https://testssl.sh/bugs/

###########################################################

 Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers] on MiniUntu:./bin/openssl.Linux.x86_64 (built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")

 Start 2019-10-11 07:28:20        -->> 3.222.54.62:993 (kumo.kites.org) <<--

 rDNS (3.222.54.62):     kumo.kites.org. Service detected:       IMAP, thus skipping HTTP specific checks

 Testing protocols via sockets except NPN+ALPN

 SSLv2      not offered (OK) SSLv3      not offered (OK) TLS 1      offered (deprecated) TLS 1.1    offered (deprecated) TLS 1.2    offered (OK) TLS 1.3    offered (OK): final NPN/SPDY   not offered ALPN/HTTP2 not offered

 Testing cipher categories

 NULL ciphers (no encryption)                  not offered (OK) Anonymous NULL Ciphers (no authentication)    not offered (OK) Export ciphers (w/o ADH+NULL)                 not offered (OK) LOW: 64 Bit + DES, RC[2,4] (w/o export)       not offered (OK) Triple DES Ciphers / IDEA                     not offered (OK) Average: SEED + 128+256 Bit CBC ciphers       offered Strong encryption (AEAD ciphers)              offered (OK)

 Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4

 PFS is offered (OK)          TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-CAMELLIA256-SHA384 DHE-RSA-CAMELLIA256-SHA256 DHE-RSA-CAMELLIA256-SHA DHE-RSA-ARIA256-GCM-SHA384 ECDHE-ARIA256-GCM-SHA384 TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA ECDHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA256 DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-ARIA128-GCM-SHA256 ECDHE-ARIA128-GCM-SHA256 Elliptic curves offered:     secp384r1 DH group offered:            Unknown DH group (1024 bits)

 Testing server preferences

 Has server cipher order?     yes (OK) -- only for < TLS 1.3 Negotiated protocol          TLSv1.3 Negotiated cipher            TLS_AES_256_GCM_SHA384, 384 bit ECDH (P-384) Cipher order TLSv1:     ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA AES128-SHA SEED-SHA CAMELLIA128-SHA TLSv1.1:   ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA AES128-SHA SEED-SHA CAMELLIA128-SHA TLSv1.2:   ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES256-CCM8 DHE-RSA-AES256-CCM DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-CAMELLIA256-SHA384 DHE-RSA-CAMELLIA256-SHA256 DHE-RSA-CAMELLIA256-SHA AES256-GCM-SHA384 AES256-CCM8 AES256-CCM AES256-SHA256 AES256-SHA CAMELLIA256-SHA256 CAMELLIA256-SHA ARIA256-GCM-SHA384 DHE-RSA-ARIA256-GCM-SHA384 ECDHE-ARIA256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-CCM8 DHE-RSA-AES128-CCM AES128-CCM8 AES128-CCM DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA ECDHE-RSA-CAMELLIA128-SHA256 DHE-RSA-CAMELLIA128-SHA256 DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA CAMELLIA128-SHA256 SEED-SHA CAMELLIA128-SHA ARIA128-GCM-SHA256 DHE-RSA-ARIA128-GCM-SHA256 ECDHE-ARIA128-GCM-SHA256 TLSv1.3:   TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256

 Testing server defaults (Server Hello)

 TLS extensions (standard)    "renegotiation info/#65281" "server name/#0" "EC point formats/#11" "session ticket/#35" "supported versions/#43" "key share/#51" "max fragment length/#1" "encrypt-then-mac/#22" "extended master secret/#23" Session Ticket RFC 5077 hint 7200 seconds, session tickets keys seems to be rotated < daily SSL Session ID support       yes Session Resumption           Tickets no, ID: no TLS clock skew               Random values, no fingerprinting possible Signature Algorithm          SHA256 with RSA Server key size              RSA 2048 bits Server key usage             Digital Signature, Key Encipherment Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication Serial / Fingerprints F451FC38110BD0CC08D03E6975C05AC0 / SHA1 5EB402C1FB4020C1697E48931F68D11145D48F43 SHA256 C37816C37E38DAEF4758EC41EA9F332C08C9310CA63976BD5A294EE7D84B3CF0 Common Name (CN)             kumo.kites.org subjectAltName (SAN)         kumo.kites.org www.kumo.kites.org Issuer                       Sectigo RSA Domain Validation Secure Server CA (Sectigo Limited from GB) Trust (hostname)             Ok via SAN and CN (same w/o SNI) Chain of trust               Ok EV cert (experimental)       no ETS/"eTLS", visibility info  not present Certificate Validity (UTC)   364 >= 60 days (2019-10-10 20:00 --> 2020-10-09 19:59) # of certificates provided   6 (certificate list ordering problem) Certificate Revocation List  -- OCSP URI                     http://ocsp.sectigo.com OCSP stapling                not offered OCSP must staple extension   -- DNS CAA RR (experimental)    not offered Certificate Transparency     yes (certificate extension)

 Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension CCS (CVE-2014-0224)                       not vulnerable (OK) Ticketbleed (CVE-2016-9244), experiment.  -- (applicable only for HTTPS) ROBOT                                     not vulnerable (OK) Secure Renegotiation (RFC 5746)           supported (OK) Secure Client-Initiated Renegotiation     not vulnerable (OK) CRIME, TLS (CVE-2012-4929)                not vulnerable (OK) (not using HTTP anyway) POODLE, SSL (CVE-2014-3566)               not vulnerable (OK) TLS_FALLBACK_SCSV (RFC 7507)              Downgrade attack prevention supported (OK) SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK) FREAK (CVE-2015-0204)                     not vulnerable (OK) DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK) make sure you don't use this certificate elsewhere with SSLv2 enabled services https://censys.io/ipv4?q=C37816C37E38DAEF4758EC41EA9F332C08C9310CA63976BD5A2... could help you to find out LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers But: Unknown DH group (1024 bits) BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA AES128-SHA SEED-SHA CAMELLIA128-SHA VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated) LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)

 Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch. Encryption  Bits     Cipher Suite Name (IANA/RFC)

[redacted to reduce size]

 Running client simulations via sockets

 Android 8.1 (native)         TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 384 bit ECDH (P-384) Android 9.0 (native)         TLSv1.3 TLS_AES_128_GCM_SHA256, 384 bit ECDH (P-384) Java 6u45                    TLSv1.0 AES128-SHA, No FS Java 7u25                    TLSv1.0 ECDHE-RSA-AES128-SHA, 384 bit ECDH (P-384) Java 8u161                   TLSv1.2 ECDHE-RSA-AES256-SHA384, 384 bit ECDH (P-384) Java 11.0.2 (OpenJDK)        TLSv1.3 TLS_AES_128_GCM_SHA256, 384 bit ECDH (P-384) Java 12.0.1 (OpenJDK)        TLSv1.3 TLS_AES_128_GCM_SHA256, 384 bit ECDH (P-384) OpenSSL 1.0.1l               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384) OpenSSL 1.0.2e               TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384) OpenSSL 1.1.0j (Debian)      TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 384 bit ECDH (P-384) OpenSSL 1.1.1b (Debian)      TLSv1.3 TLS_AES_256_GCM_SHA384, 384 bit ECDH (P-384) Thunderbird (60.6)           TLSv1.3 TLS_AES_128_GCM_SHA256, 384 bit ECDH (P-384)

 Done 2019-10-11 07:31:08 [ 170s] -->> 3.222.54.62:993 (kumo.kites.org) <<--

On 10/11/19 7:22 AM, C. James Ervin via dovecot wrote:

In setting up my new mail server, I am getting the following in the logs:

Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS handshaking: SSL_accept() syscall failed: Success*, session=