TLS problem after upgrading from v2.2 to v2.3

Jan Vejvalka jan.vejvalka at lfmotol.cuni.cz
Thu Jan 4 20:56:30 EET 2018


Hi *,

The change in default SSL settings between 2.2 and 2.3 cut off a few
clients; Microsoft-hosted Exchange (?) being one of them:

Jan  4 11:02:56 kremail dovecot: pop3-login: Disconnected (no auth 
attempts in 0 secs): user=<>, rip=40.101.4.hisip, lip=myip, TLS 
handshaking: SSL_accept() failed: error:1408A0C1:SSL 
routines:SSL3_GET_CLIENT_HELLO:no shared cipher, session=<8SGob/BhTdcoZQS1>

Explicitly setting ssl_cipher_list to the old defaults helped:
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

Does someone have an idea what to recommend to the poor user or should
I accept that I stay with the old defaults ? The guy is cooperative, so
we can find out which of the !'s in the new defaults actually breaks the
connection... if you think it's worth.

Thanks for your help,

Jan


More information about the dovecot mailing list