problem with client using TLS
Hello!
On my test server running CentOS 8 I have installed dovecot v2.3.8.
I can connect to the server using claws-mail on my PC but can't using K9-mail on an Android device.
Jul 18 12:24:57 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
Jul 18 12:24:57 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jul 18 12:24:57 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jul 18 12:24:57 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jul 18 12:24:57 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jul 18 12:24:57 imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
Jul 18 12:24:57 imap-login: Debug: SSL: where=0x2002, ret=-1: error
Jul 18 12:24:57 imap-login: Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
Jul 18 12:24:57 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=87.182.44.142, lip=185.84.81.115, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=<uppwr7SqrrpXtiyO>
Jul 18 12:24:57 imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument
Tried different settings without luck.
grep -v '^#' 10-ssl.conf
ssl = yes
ssl_cert = </etc/letsencrypt/live/smtp.dualbit.de/fullchain.pem
ssl_key = </etc/letsencrypt/live/smtp.dualbit.de/privkey.pem
ssl_dh = </etc/dovecot/dh.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = PROFILE=SYSTEM
ssl_prefer_server_ciphers = yes
Can somebody help solving this?
Kind regards
Andreas
Hello!
Benny Pedersen <me@junc.eu> wrote on 18.07.20 at 13:04:37:
ratatouille wrote on 2020-07-18 12:33:
ssl_min_protocol = TLSv1.2
ssl_cipher_list = PROFILE=SYSTEM
ssl_prefer_server_ciphers = yes
comment these lines, then I believe k9 works
if it still does not, then drop k9 mail
Commenting just ssl_min_protocol = TLSv1.2 seems to solve the problem. So I have the default ssl_min_protocol = TLSv1
Thank you!
Andreas
18.07.2020, 14:30, Benny Pedersen <me@junc.eu>:
ratatouille wrote on 2020-07-18 13:20:
Commenting just ssl_min_protocol = TLSv1.2 seems to solve the problem. So I have the default ssl_min_protocol = TLSv1
which means that the device running k9 is not supporting TLS 1.2 yet
TLS 1.2 is enabled by default in Android versions 5.0 and newer. For earlier Android versions, K9 has (or used to have) a setting to "harden" its SSL/TLS settings, which enables TLS 1.2 as far back as 4.3 or something. -- K
"Konstantin Vasilyev" <kmansoft@rambler.ru> wrote on 18.07.20 at 16:16:55:
18.07.2020, 14:30, Benny Pedersen <me@junc.eu>:
ratatouille wrote on 2020-07-18 13:20:
Commenting just ssl_min_protocol = TLSv1.2 seems to solve the problem. So I have the default ssl_min_protocol = TLSv1
which means that the device running k9 is not supporting TLS 1.2 yet
TLS 1.2 is enabled by default in Android versions 5.0 and newer. For earlier Android versions, K9 has (or used to have) a setting to "harden" its SSL/TLS settings, which enables TLS 1.2 as far back as 4.3 or something. -- K
The android runs Version 4.0.3 ;) Don't know how to enable TLS 1.2.
Andreas
18.07.2020, 16:32, ratatouille <ratatouille@bitclusive.de>:
"Konstantin Vasilyev" <kmansoft@rambler.ru> wrote on 18.07.20 at 16:16:55:
18.07.2020, 14:30, Benny Pedersen <me@junc.eu>:
ratatouille wrote on 2020-07-18 13:20:
Commenting just ssl_min_protocol = TLSv1.2 seems to solve the problem. So I have the default ssl_min_protocol = TLSv1
which means that the device running k9 is not supporting TLS 1.2 yet
TLS 1.2 is enabled by default in Android versions 5.0 and newer. For earlier Android versions, K9 has (or used to have) a setting to "harden" its SSL/TLS settings, which enables TLS 1.2 as far back as 4.3 or something. -- K
The android runs Version 4.0.3 ;) Don't know how to enable TLS 1.2.
Andreas
Oh well. Android supports TLS 1.2 at all since version 4.1 - so the setting I'd mentioned above won't have helped anyway. https://developer.android.com/reference/javax/net/ssl/SSLSocket -- K
Konstantin Vasilyev wrote on 2020-07-18 15:16:
TLS 1.2 is enabled by default in Android versions 5.0 and newer.
if it's Android before 5.0 there we go
For earlier Android versions, K9 has (or used to have) a setting to "harden" its SSL/TLS settings, which enables TLS 1.2 as far back as 4.3 or something.
does not work if it's not Android 5.0 or newer
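A way to see which clients a TLS 1.2 floor turns away before deciding whether to lower ssl_min_protocol, as an added example that is not part of the original thread: it parses login-service lines in the format quoted in the first message and counts handshake rejections per remote address, keyed by the OpenSSL reason string. The sample log is constructed (documentation addresses, made-up session ids) and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample, modelled on the log format quoted in the first message.
SAMPLE_LOG = """\
Jul 18 12:24:57 imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
Jul 18 12:24:57 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=198.51.100.5, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=<constructed1>
Jul 18 12:31:02 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=198.51.100.5, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=<constructed2>
Jul 18 12:40:11 imap-login: Info: Login: user=<alice>, method=PLAIN, rip=192.0.2.77, lip=198.51.100.5, mpid=4242, TLS, session=<constructed3>
Jul 18 12:45:30 imap-login: Info: Disconnected (no auth attempts in 1 secs): user=<>, rip=203.0.113.9, lip=198.51.100.5, TLS handshaking: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher, session=<constructed4>
"""

# Matches the "Disconnected ... TLS handshaking: SSL_accept() failed" line of any
# *-login service and captures the remote IP and the last field of the OpenSSL
# error string (error:<hex>:<library>:<function>:<reason>). The function field
# may be empty, as in the error strings printed by newer OpenSSL releases.
LINE_RE = re.compile(
    r"(?P<service>\w+-login): Info: Disconnected .*?"
    r"rip=(?P<rip>[0-9A-Fa-f.:]+), .*?"
    r"TLS handshaking: SSL_accept\(\) failed: error:[0-9A-Fa-f]+:"
    r"[^:]*:[^:]*:(?P<reason>[^,]+)"
)

def handshake_failures(log_text):
    """Return {reason: Counter({remote_ip: count})} for failed TLS handshakes."""
    by_reason = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            by_reason.setdefault(m["reason"].strip(), Counter())[m["rip"]] += 1
    return by_reason

def clients_below_floor(log_text):
    """Remote IPs rejected with 'unsupported protocol', the reason seen in the thread."""
    return handshake_failures(log_text).get("unsupported protocol", Counter())

if __name__ == "__main__":
    for rip, n in clients_below_floor(SAMPLE_LOG).most_common():
        print(f"{rip}: {n} handshake(s) rejected for protocol version")
    for reason, ips in handshake_failures(SAMPLE_LOG).items():
        print(f"{reason}: {sum(ips.values())} failure(s) from {len(ips)} address(es)")
```

Separating "unsupported protocol" from other reasons such as "no shared cipher" shows whether a failing client is blocked by the protocol floor or by the cipher list, which are different settings in 10-ssl.conf.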
participants (3)
- Benny Pedersen
- Konstantin Vasilyev
- ratatouille