nothing comenting about more knowledgable, but ssl3 nobody uses. it is even adviced not to use tls 1.1 and below
Separate subject, but couldn't help but notice, SSL3 is being used? Wasn't SSL3 retired because of POODLE exploits? Can someone more knowledgeable confirm?
On 9/7/21 11:05, Steve Dondley wrote:
On 2021-09-07 01:25 PM, Amol Kulkarni wrote:
Hello, After I replaced my certificate with a new one yesterday, I'm
seeing some ssl related errors. There are successful pop/imap logins using SSL also. So I think the certificate in itself is fine. No user has complained as yet, so I don't know for sure. However the count of errors has surely increased after installing the new certificate. There are 2 errors seen : dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=, lip =, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown: SSL alert number 46, session=<9m0AnVnL 2pHf4hso>
dovecot: imap-login: Disconnected (no auth attempts in 0
secs): user=<>, rip=, lip =, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, session=<ww/b6VfLmeR7yTog>
Kindly help with some pointers. Thanks and Regards, Amol
I assume you tried restarting dovecot, but just in case...