Re: openssl question
TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
our dovecot (2.0.9 on redhat) 10-ssl.conf file we have
ssl_cipher_list = kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES:!SSLv3
Offhand, I don't know of a fast way to match up client cipher specs and server cipher specs. The hard part is trying to figure out what the client is doing. Maybe you can turn on dovecot "verbose_ssl = yes" and that will dump SSL diagnostics logs to point out where server/client cipher negotiations fail.
You can also try and run "openssl s_server -cipher 'kEECDH:+...'" on an alternate port/host, point your client at it, and let this utility dump out the SSL cipher negotiations.
Joseph Tam <jtam.home@gmail.com>
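The matching step described in the message above can be done offline once a ClientHello has been captured. The following is an added example, not part of the original message or of dovecot/OpenSSL: it parses the client's offered cipher suites and intersects them with the server's. The `NAMES` table, the `SERVER` set and both sample hellos are constructed; the real server set is assumed to come from `openssl ciphers -V '<ssl_cipher_list>'` on the dovecot host.

```python
import struct

# Constructed ID -> OpenSSL name table (IANA code points); extend as needed.
NAMES = {
    0x0005: "RC4-SHA", 0x000A: "DES-CBC3-SHA", 0x002F: "AES128-SHA",
    0x009D: "AES256-GCM-SHA384", 0x009F: "DHE-RSA-AES256-GCM-SHA384",
    0xC02F: "ECDHE-RSA-AES128-GCM-SHA256", 0xC030: "ECDHE-RSA-AES256-GCM-SHA384",
}

def client_suites(record: bytes) -> list:
    """Return the cipher suite IDs offered in one TLS ClientHello record."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a ClientHello handshake record")
        hs_len = int.from_bytes(record[6:9], "big")
        hello = record[9:9 + hs_len]
        pos = 2 + 32                   # skip client_version and random
        pos += 1 + hello[pos]          # skip session_id
        (n,) = struct.unpack("!H", hello[pos:pos + 2])
        raw = hello[pos + 2:pos + 2 + n]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if n % 2 or len(raw) != n:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def shared(record: bytes, server_ids: set) -> list:
    """Names of suites both sides allow, in client preference order."""
    return [NAMES.get(s, hex(s)) for s in client_suites(record) if s in server_ids]

def build_hello(suites: list) -> bytes:
    """Build a constructed sample ClientHello record with no extensions."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Assumed server side: constructed sample, not the real expansion of the list.
SERVER = {0xC030, 0xC02F, 0x009F, 0x009D}
OLD_CLIENT = build_hello([0x0005, 0x000A, 0x002F])     # constructed
NEWER_CLIENT = build_hello([0xC02F, 0x009D, 0x002F])   # constructed

if __name__ == "__main__":
    for label, rec in (("old", OLD_CLIENT), ("newer", NEWER_CLIENT)):
        print(label, shared(rec, SERVER) or "no shared cipher")
```

An empty result from `shared()` corresponds to the "no shared cipher" error in the log line quoted at the top.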