SSL certificate problem (SSL alert number 42)

Alexander Weber weber at dimensional.de
Wed Jul 23 07:02:29 UTC 2014


hey there,

got the same issue a few days ago, reported a bug at 
https://bugzilla.mozilla.org/show_bug.cgi?id=1036338

it is an error in Thunderbird 31, 32, 33


On 23.07.2014 06:16, Boyandin Konstantin wrote:
> Hello,
>
> After client (Thunderbird, now version 31.0) updated today, it stopped connecting to Dovecot IMAP4S. The infamous "SSL alert number 42" is reported.
>
> Mail server uses local (created for intranet) CA certificate as root.
>
> I would appreciate pieces of advice on how to handle that without enabling plaintext authentication over insecure channels.
>
> Other intranet services work with this local CA quite fine.
>
> Thank you in advance. Required data:
>
> # dovecot --version
> 2.0.9
>
> # doveconf -n
>
> # 2.0.9: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-431.5.1.el6.x86_64 x86_64 CentOS release 6.5 (Final)
> auth_username_format = %n
> default_process_limit = 1200
> disable_plaintext_auth = yes
> first_valid_uid = 300
> mail_location = mbox:~/mail:INBOX=/var/mail/%n
> mail_privileged_group = mail
> mbox_write_locks = fcntl
> passdb {
>    driver = pam
> }
> protocols = imap pop3
> service anvil {
>    client_limit = 6000
> }
> service auth {
>    client_limit = 6000
> }
> ssl_ca = </etc/pki/company/cacert.pem
> ssl_cert = </etc/pki/company/company.crt
> ssl_cipher_list = ALL:!LOW
> ssl_key = </etc/pki/company/company.key
> userdb {
>    driver = passwd
> }
> verbose_ssl = yes
>
>
> Records posted to Dovecot log file:
>
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL alert: where=0x4004, ret=554: fatal bad certificate [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [10.x.x.x]
> Jul 23 11:01:26 mailserver dovecot: imap-login: Disconnected (no auth attempts): rip=10.x.x.x, lip=10.y.y.y, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
>
>
> Sincerely,
> Konstantin
>
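
Added example, not part of the original messages: a small Python decoder for the `SSL alert: where=..., ret=...` lines that `verbose_ssl = yes` produces, showing which side sent each alert. It assumes the standard OpenSSL info-callback encoding (`where` is a bit mask from `ssl.h`, `ret` is `(level << 8) | description`); the function names are illustrative.

```python
import re

# Info-callback flag bits from OpenSSL's ssl.h, logged by Dovecot as "where".
SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT = 0x04, 0x08, 0x4000
LEVELS = {1: "warning", 2: "fatal"}
# TLS alert descriptions (RFC 5246 section 7.2), certificate-related subset.
DESCRIPTIONS = {
    0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
}
ALERT_RE = re.compile(r"SSL alert: where=(0x[0-9a-fA-F]+), ret=(\d+):")

# Three lines copied from the log in the post (syslog prefix shortened).
SAMPLE = [
    "imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [10.x.x.x]",
    "imap-login: Warning: SSL alert: where=0x4004, ret=554: fatal bad certificate [10.x.x.x]",
    "imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [10.x.x.x]",
]

def decode_alert(line):
    """Return (sender, level, description) for an alert line, else None."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    where, ret = int(m.group(1), 16), int(m.group(2))
    if not where & SSL_CB_ALERT:
        return None
    # The log is written by the server: an alert it READ came from the client.
    if where & SSL_CB_READ:
        sender = "client"
    elif where & SSL_CB_WRITE:
        sender = "server"
    else:
        sender = "unknown"
    # ret packs the alert as (level << 8) | description.
    level, desc = ret >> 8, ret & 0xFF
    return (sender, LEVELS.get(level, f"level {level}"),
            DESCRIPTIONS.get(desc, f"alert {desc}"))

def client_rejections(lines):
    """Fatal alerts sent by the client, i.e. the client refused the session."""
    decoded = (decode_alert(l) for l in lines)
    return [d for d in decoded if d and d[0] == "client" and d[1] == "fatal"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(decode_alert(line))
```

For the log above, `where=0x4004, ret=554` decodes to a fatal `bad_certificate` alert that Dovecot read from the client, so the place to inspect is the client's validation of the server certificate and its chain.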


