[Dovecot] problems with imaps
Joseph Tam
jtam.home at gmail.com
Sat Feb 23 01:48:33 EET 2013
On 2013-02-22, Matthias Leopold wrote:
> with thunderbird 10.0.12 i can't connect to port 993 and get errors in
> the logs like
>
> TLS: SSL_read() failed: error:14094412:SSL
> routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>
> (certificate generated by dovecot mkcert.sh)
I haven't come across any problems with our use of self-signed
certificates, but I run the latest 2.1.x dovecot so maybe there's
some SSL changes between our version and your's.
The fact that the same certificate works for other clients, and also
for TLS on Thunderbird seem to suggest Thunderbird is fumbling it.
But maybe you can try the command diagnostic from the command line
"openssl s_client -connect yourserver:993 ..." or use one of the online
certificate checkers to get some useful diagnostics.
> TLS: SSL_read() failed: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
This error entry pops up in my logs once in a while. I think the error
might be misleading since the error message happen in the middle of a
long sequence of successful connections.
Also check that the client is actually using the right security mode
(not TLS or clear), perhaps by doing a network snoop.
Joseph Tam <jtam.home at gmail.com>
More information about the dovecot
mailing list