Dovecot and TLSv1 on Ubuntu 22.04
Hello, I have Ubuntu 22.04, Dovecot 2.3.16 and an old email client (Outlook 2013) and they don't support TLSv1_2. In Dovecot's 10-ssl.conf I put: ssl_min_protocol = TLSv1, and in openssl.cnf I have:

    openssl_conf = default_conf

    [ default_conf ]
    ssl_conf = ssl_section

    [ssl_section]
    system_default = ssl_default_sectq

    [ssl_default_sect]
    MinProtocol = TLSv1
    CipherString = DEFAULT:@SECLEVEL=1

but when I check with openssl s_client -connect localhost:993 -tls1_1 I get this output:

    CONNECTED(00000003)
    803BD26AC67F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:308:
    no peer certificate available
    No client certificate CA names sent
    SSL handshake has read 0 bytes and written 111 bytes
    Verification: OK
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol : TLSv1.1
        Cipher : 0000
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1668602712
        Timeout : 7200 (sec)
        Verify return code: 0 (ok)
        Extended master secret: no

Versions tls1_2 and 1_3 work fine. What am I doing wrong? Thanks for help.

Try setting SECLEVEL=0, also 2.3 is not officially supported by us on Ubuntu 22, so if it does not work, you'll have to bug the package maintainers.
Aki

On 24/11/2022 12:31 EET Six002 six002@protonmail.com wrote:

> Hello, I have Ubuntu 22.04, Dovecot 2.3.16 and an old email client (Outlook 2013) and they don't support TLSv1_2. In Dovecot's 10-ssl.conf I put: ssl_min_protocol = TLSv1, and in openssl.cnf I have:
>
>     openssl_conf = default_conf
>
>     [ default_conf ]
>     ssl_conf = ssl_section
>
>     [ssl_section]
>     system_default = ssl_default_sectq
>
>     [ssl_default_sect]
>     MinProtocol = TLSv1
>     CipherString = DEFAULT:@SECLEVEL=1
>
> but when I check with openssl s_client -connect localhost:993 -tls1_1 I get this output:
>
>     CONNECTED(00000003)
>     803BD26AC67F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:308:
>     no peer certificate available
>     No client certificate CA names sent
>     SSL handshake has read 0 bytes and written 111 bytes
>     Verification: OK
>     New, (NONE), Cipher is (NONE)
>     Secure Renegotiation IS NOT supported
>     Compression: NONE
>     Expansion: NONE
>     No ALPN negotiated
>     SSL-Session:
>         Protocol : TLSv1.1
>         Cipher : 0000
>         Session-ID:
>         Session-ID-ctx:
>         Master-Key:
>         PSK identity: None
>         PSK identity hint: None
>         SRP username: None
>         Start Time: 1668602712
>         Timeout : 7200 (sec)
>         Verify return code: 0 (ok)
>         Extended master secret: no
>
> Versions tls1_2 and 1_3 work fine. What am I doing wrong? Thanks for help.

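
An added example, not part of the thread and not Dovecot or OpenSSL code: a small Python check that walks the openssl_conf -> ssl_conf -> system_default chain through the openssl.cnf fragment as quoted in the post, reports any section reference that does not resolve, and flags the SECLEVEL condition raised in the reply. The function names and the one-directive-per-line layout of the sample are assumptions, and the parser covers only the syntax subset shown.

```python
import re

# Constructed sample: the openssl.cnf fragment as quoted in the post, one directive per line.
POSTED_CNF = """\
openssl_conf = default_conf
[ default_conf ]
ssl_conf = ssl_section
[ssl_section]
system_default = ssl_default_sectq
[ssl_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=1
"""

def parse_cnf(text):
    """Parse [section] headers and key = value pairs; '#' starts a comment."""
    sections, current = {"default": {}}, "default"  # unnamed top section is "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*([^\]\s]+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def resolve_system_default(text):
    """Follow openssl_conf -> ssl_conf -> system_default; return (settings, problems)."""
    sections, problems, name = parse_cnf(text), [], "default"
    for key in ("openssl_conf", "ssl_conf", "system_default"):
        target = sections[name].get(key)
        if target not in sections:
            problems.append(f"[{name}] {key} = {target} does not name an existing section")
            return {}, problems
        name = target
    settings = sections[name]
    # OpenSSL 3.0 negotiates TLS 1.0/1.1 only at security level 0 (the reply's suggestion).
    level = re.search(r"@SECLEVEL=(\d)", settings.get("CipherString", ""))
    if settings.get("MinProtocol") in ("TLSv1", "TLSv1.1") and not (level and level.group(1) == "0"):
        problems.append("MinProtocol allows TLS 1.0/1.1 but CipherString is not at @SECLEVEL=0")
    return settings, problems

if __name__ == "__main__":
    print(resolve_system_default(POSTED_CNF))
```

Run against the real file by passing its contents to resolve_system_default(); an empty problems list means the system_default section is reachable and its level matches the minimum protocol.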
Not to answer your question about TLS, but about Outlook. Your version of Outlook is outdated and seeing as you use Outlook with Dovecot, there is nothing special that you need Outlook for. Why not just switch to something like Thunderbird for an MUA?
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)

participants (3)
- Aki Tuomi
- Odhiambo Washington
- Six002