Hello,

I don’t know who will read this message, but I found this thread: https://www.mail-archive.com/search?l=dovecot@dovecot.org&q=subject:%22Dovecot+2.3.0+TLS%22&o=newest

I’m experiencing the same issue, and I will try to explain it to you (English is not my native language, sorry).

Since the Buster update (and so the Dovecot update too), I’m not able to connect to my mail server from my iOS mail client (12.2).

Thunderbird just works fine.

Here is my configuration:

Debian Buster (amd64)
Dovecot: 2.3.4.1
Postfix: 3.4.5
OpenSSL: 1.1.1c

Dovecot configuration file:

ssl_min_protocol = TLSv1.2 (I tried different versions)

When I tried to connect with command line: openssl s_client -showcerts -connect server:993

No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2322 bytes and written 392 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)

When I tried to connect with command line: openssl s_client -showcerts -no_tls1_3 -connect server:993

No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2423 bytes and written 310 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384

I think the “Secure Renegotiation IS NOT supported” with TLS 1.3 could be an issue, but I don’t know what to do to fix the issue.

Could you help me?
Let me know if you need more information.

Thank you.

Regards,

Alex