On 19.07.2019 0:24, Reio Remma via dovecot wrote:

      I'm attempting to get Dovecot working with MySQL user database on another machine. I can connect to the MySQL (5.7.26) instance with SSL enabled:

      mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem --ssl-cert=/etc/dovecot/client-cert.pem --ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA -u vmail -p

      However if I use the same values in dovecot-sql.conf.ext, I get the following error:

      Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error: mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection error: protocol version mismatch - waiting for 1 seconds before retry
      Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error: mysql(db.mrst.ee): Connect failed to database (vmail): Connections using insecure transport are prohibited while --require_secure_transport=ON. - waiting for 5 seconds before retry

      Database connection string:

      connect = host=db.mrst.ee dbname=vmail user=vmail password=stuff \
          ssl_ca=/etc/dovecot/ca.pem \
          ssl_cert=/etc/dovecot/client-cert.pem \
          ssl_key=/etc/dovecot/client-key.pem \
          ssl_cipher=DHE-RSA-AES256-SHA

     Update: I got it to connect successfully now after downgrading the MySQL server tls-version from TLSv1.1 to TLSv1.

     Is there a reason why Dovecot MySQL doesn't support TLSv1.1?

     Thanks!
     Reio

   Dovecot mysql uses libmysqlclient. We do not enforce any particular tls protocol version. If it requires you to downgrade I suggest you review your client my.cnf for any restrictions.
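
Added example, not part of the original thread and not Dovecot or MySQL code: one way to carry out the suggested my.cnf review is to list the TLS-related options in the option-file groups the client library reads and compare a pinned `tls_version` with the server's. The `[client]` default group, the helper names and the sample file contents are assumptions constructed for illustration.

```python
import configparser

# Client-side options that can pin or narrow TLS negotiation in libmysqlclient.
TLS_OPTIONS = {"tls_version", "ssl_cipher", "ssl_mode", "ssl_ca", "ssl_cert", "ssl_key"}

# Constructed sample option file, not taken from the thread.
SAMPLE_MY_CNF = """
!includedir /etc/my.cnf.d
[mysqld]
tls_version = TLSv1.1

[client]
port = 3306
tls-version = TLSv1
ssl-cipher = DHE-RSA-AES256-SHA
"""


def tls_restrictions(text, groups=("client",)):
    """Return {(group, option): value} for TLS-related options in the given groups."""
    # Drop !include / !includedir directives, which are not key=value lines.
    text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("!"))
    parser = configparser.ConfigParser(allow_no_value=True, strict=False,
                                       interpolation=None)
    # MySQL treats '-' and '_' in option names as equivalent; normalise to '_'.
    parser.optionxform = lambda name: name.strip().lower().replace("-", "_")
    parser.read_string(text)
    found = {}
    for group in groups:
        if not parser.has_section(group):
            continue
        for option, value in parser.items(group):
            if option in TLS_OPTIONS:
                found[(group, option)] = (value or "").strip()
    return found


def version_mismatch(client_versions, server_versions):
    """True when the two comma-separated protocol lists share no version."""
    def split(s):
        return {v.strip().lower() for v in s.split(",") if v.strip()}
    return not (split(client_versions) & split(server_versions))


if __name__ == "__main__":
    for (group, option), value in tls_restrictions(SAMPLE_MY_CNF).items():
        print(f"[{group}] {option} = {value}")
```
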