On 2013-02-22, Matthias Leopold wrote:

with thunderbird 10.0.12 i can't connect to port 993 and get errors in the logs like

TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

(certificate generated by dovecot mkcert.sh)

I haven't come across any problems with our use of self-signed certificates, but I run the latest 2.1.x dovecot so maybe there's some SSL changes between our version and your's.

The fact that the same certificate works for other clients, and also for TLS on Thunderbird seem to suggest Thunderbird is fumbling it. But maybe you can try the command diagnostic from the command line "openssl s_client -connect yourserver:993 ..." or use one of the online certificate checkers to get some useful diagnostics.

TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

This error entry pops up in my logs once in a while. I think the error might be misleading since the error message happen in the middle of a long sequence of successful connections.

Also check that the client is actually using the right security mode (not TLS or clear), perhaps by doing a network snoop.

Joseph Tam jtam.home@gmail.com