Recently thunderbird and Dovecot IMAPS cannot agree on SSL however Evolution, on the exact same system, is working fine with the same accounts. Tried recreating the Dovecot cert and also the thunderbird accounts from scratch. The OpenSSL raw client works fine as well.
Would someone also confirm the openssl commands to create a selfsigned cert for dovecot imaps. They cert created does work with evolution; just not thunderbird.
Thoughts?
Apr 8 18:10:18 hh dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 Apr 8 18:10:18 hh dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=000, lip=0000 TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<--> Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write encrypted extensions Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write server certificate verify Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL alert: where=0x4004, ret=554: fatal bad certificate Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 Apr 8 18:10:19 firewall dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=000, lip=00, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<--->
reference http://forums.debian.net/viewtopic.php?f=5&t=145849