CentOS 7
Dovecot 2.2.36
Nov 14 07:13:08 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs):
user=<>, rip=73.0.0.0, lip=192.64.118.242, TLS handshaking: SSL_accept() failed:
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher,
session=<>
Was working fine for over a year, until the cert expired and I replaced it.
I've tried the good cert I have for https and I used the Dovecot.org script to generate a self-signed certificate.
10-ssl.conf
## SSL settings
#ssl = required
ssl = yes
#ssl = no
ssl_cert = </etc/pki/dovecot/certs/mydomain.com.crt
ssl_key = </etc/pki/dovecot/private/mydomain.com.key
#ssl_ca =
#ssl_require_crl = yes
#ssl_client_ca_dir =
#ssl_client_ca_file =
#ssl_verify_client_cert = no
#ssl_cert_username_field = commonName
#ssl_dh_parameters_length = 1024
#ssl_protocols = !SSLv3
# SSL ciphers to use
# ols values ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK: !RC4:!ADH:!LOW@STRENGTH
# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =
# SSL extra options. Currently supported options are:
# no_compression - Disable compression.
# no_ticket - Disable SSL session tickets.
#ssl_options =
===========================
# openssl x509 -dates -in mydomain.com.crt
notBefore=Nov 11 16:31:35 2020 GMT
notAfter=Nov 11 16:31:35 2022 GMT
-----BEGIN CERTIFICATE-----
:
===========================
# openssl pkey -in mydomain.com.key
-----BEGIN PRIVATE KEY-----
:
Thanks for taking a look. Any ideas on what I should do next to debug?
Mike