TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

our dovecot (2.0.9 on redhat) 10-ssl.conf file we have

ssl_cipher_list = kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES:!SSLv3

Offhand, I don't know of a fast way to match up client cipher specs and server cipher specs. The hard part is trying to figure out what the client is doing. Maybe you can turn on dovecot "verbose_ssl = yes" and that will dump SSL diagnostics logs to point out where server/client cipher negotiations fail.

You can also try and run "openssl s_server -cipher 'kEECDH:+...'" on an alternate port/host, point your client at it, and let this utility dump out the SSL cipher negotions.

Joseph Tam jtam.home@gmail.com