Charles Marcus CMarcus@Media-Brokers.com wrote:
2014-04-18T15:54:07-04:00 dinkumthinkum dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, rip=99.14.24.224, lport=143
Not a huge number, but enough to be concerning...
Could this just be from cached junk from some clients, and they will resolve themselves over time?
Short answer: maybe. I got these errors when I switched from a self-signed to CA signed cert, and the client had an open mail session:
Feb 22 02:10:32 imap-login: Disconnected (no auth attempts in 0
secs): user=<>, rip=x.x.x.x, lip=y.y.y.y, TLS: SSL_read() failed:
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca: SSL alert number 48, session=<w4Lm8vvypgCJUgmg>
Not quite the same as your's, but if you call the client up and ask them to restart their mail client, I'm fairly confident these will go away, as for my user.
You might get some weirdness if for some reason the client does not have the intermediate CAs cached. I ran into this problem with our certs -- some RH distributions did have the intermediate CA certs in its store.
Joseph Tam jtam.home@gmail.com