TLS problem after upgrading from v2.2 to v2.3
Jan Vejvalka
jan.vejvalka at lfmotol.cuni.cz
Thu Jan 4 20:56:30 EET 2018
Hi *,
The change in default SSL settings between 2.2 and 2.3 cut off a few
clients; Microsoft-hosted Exchange (?) being one of them:
Jan 4 11:02:56 kremail dovecot: pop3-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=40.101.4.hisip, lip=myip, TLS
handshaking: SSL_accept() failed: error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher, session=<8SGob/BhTdcoZQS1>
Explicitly setting ssl_cipher_list to the old defaults helped:
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
Does someone have an idea what to recommend to the poor user or should
I accept that I stay with the old defaults ? The guy is cooperative, so
we can find out which of the !'s in the new defaults actually breaks the
connection... if you think it's worth.
Thanks for your help,
Jan
More information about the dovecot
mailing list