transition from 1.x to 2? What did I break?
It’s been awhile since I set up my dovecot instance (like several years) and my transition from 1.x to 2 seems to have not gone well: all I can see is that authentication is banjaxed and I’m not sure what needs to be done to fix it.
# 2.2.32 (dfbe293d4): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.3-STABLE i386
auth_debug = yes
auth_mechanisms = plain login
listen = *,[::]
log_path = /var/log/dovecot.log
mail_access_groups = mail
mail_location = /var/mail/%u
mail_privileged_group = mail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
passdb {
driver = pam
}
passdb {
driver = pam
}
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
user = root
}
ssl_cert = </etc/ssl/certs/dovecot.pem
userdb {
driver = passwd
}
userdb {
driver = passwd
}
userdb {
driver = passwd
}
protocol lda {
postmaster_address = postmaster@redacted
quota_full_tempfail = no
}
Sep 02 07:54:08 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.0.1, lip=192.168.0.25, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<2hS8DDZYyN7AqAAB> Sep 02 07:54:08 auth: Debug: auth client connected (pid=47645) Sep 02 07:54:08 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.0.1, lip=192.168.0.25, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<SFK8DDZYyt7AqAAB> Sep 02 07:54:54 auth: Warning: auth client 0 disconnected with 2 pending requests: EOF Sep 02 07:55:19 auth: Debug: auth client connected (pid=47714) Sep 02 07:55:19 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.0.1, lip=192.168.0.25, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<WbD0EDZY2N7AqAAB> Sep 02 07:55:19 auth: Debug: auth client connected (pid=47716) Sep 02 07:55:19 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.0.1, lip=192.168.0.25, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<1Qb1EDZY2d7AqAAB>
Am Samstag, den 02.09.2017, 09:27 -0700 schrieb Paul Beard:
It’s been awhile since I set up my dovecot instance (like several years) and my transition from 1.x to 2 seems to have not gone well: all I can see is that authentication is banjaxed and I’m not sure what needs to be done to fix it.
Sep 02 07:54:08 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.0.1, lip=192.168.0.25, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<2hS8DDZYyN7AqAAB>
Hello Paul,
I had that no shared cipher error also when I used a certificate from StartSSL and my old mobile phone with Android 4.1. So what certificate and client do you use? Probable the SSL version of that client is just too old.
Regards Felix
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sat, 2 Sep 2017, Paul Beard wrote:
It’s been awhile since I set up my dovecot instance (like several years) and my transition from 1.x to 2 seems to have not gone well: all I can see is that authentication is banjaxed and I’m not sure what needs to be done to fix it.
Did you tested, if SSL works at all? https://wiki2.dovecot.org/SSL/DovecotConfiguration
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWa5hZ3z1H7kL/d9rAQJ8vwgAhggJ7RGa3XQkTXpBQBAgDTQT6hjfZard OGjyJW276tUh2cXlZDP8PQpwAO/jKf5IdKyfCjT8X8bUPkjkSfRLJLiY1hlp0/EK TorRjcAczvHmfKXIziuIe482CRTq1tMjKcjZz9KzTT8JisaAaClwlHSN+o5jdU4F r9P3kzIoatTiPGsRF5WAAZZ3/keVgeabRaB1wL8nfmUnGzrX7GuxHbWSOy75sT26 /z5Rphr+KO4WYeyAdxx+xmR3p7n4mcYkzgE4LZDYYLxw2t1gGGBB7m9fu3BoytNh 8MyehqjLtu3lK3tiOwlJfBpiFLF5+5DzFUfPdU3UeHICadFj61QQoA== =f01n -----END PGP SIGNATURE-----
On Sep 5, 2017, at 1:33 AM, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
Did you tested, if SSL works at all? https://wiki2.dovecot.org/SSL/DovecotConfiguration <https://wiki2.dovecot.org/SSL/DovecotConfiguration>
No, it never did after the upgrade and I couldn’t figure out how to resolve it. So I just uninstalled dovecot.
participants (3)
-
Felix Zielcke
-
Paul Beard
-
Steffen Kaiser