Ok, i understand the difference.

openssl s_client -starttls imap -connect mail.mydomain:143
openssl s_client -connect mail.mydomain:993

these command runs as expected.

i know this forum isn2T about thunderbird but, when setup account in thunderbird 993 port and with SSL,

i see this line on dovecot.log

TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

our dovecot (2.0.9 on redhat) 10-ssl.conf file we have

ssl_cipher_list = kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES:!SSLv3

settings.

this settings is correct for dovecot ? if they correct , can we say there is problem for thunderbird ? :)

thanks in advance

On Tue, Jan 9, 2018 at 3:59 AM, Joseph Tam <jtam.home@gmail.com> wrote:

but i try to this command

openssl s_client -connect mail.mydomain:pop3s -starttls imap

it says CONNECTED and hang. second command is correct?

Uh, "pop3s" != "imap", and IMAP/STARTTLS is not the same as IMAP/SSL (or whatever the hell the terminology is nowadays).

If you're testing IMAP, try one or the other or both depending
of how many flavours of SSL you got going.

openssl s_client -starttls imap -connect mail.mydomain:143
openssl s_client -connect mail.mydomain:993

Joseph Tam <jtam.home@gmail.com>

Selçuk YAZAR
http://www.selcukyazar.blogspot.com