TLS handshake failure - Client Helo rejected

VB vitbenes at centrum.cz
Sun Oct 7 01:53:27 EEST 2018


Hi,

I can no longer connect to Dovecot (IMAP). The connection is terminated 
by Dovecot after Client Helo.

My server:
Dovecot 2.3.3
Debian buster/sid
Architecture: ppc

My problems started in late August after upgrading Dovecot.

SSL settings:
ssl_dh = </etc/ssl/dh2048.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = 
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl_prefer_server_ciphers = yes

Client:
OS Android 6.0.1
Aquamail

Log from Dovecot:

Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL: where=0x10, 
ret=1: before SSL initialization
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL: where=0x2001, 
ret=1: before SSL initialization
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL: where=0x2002, 
ret=-1: before SSL initialization
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL: where=0x2001, 
ret=1: before SSL initialization
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL alert: 
where=0x4008, ret=598: fatal unknown
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL: where=0x2002, 
ret=-1: error
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL error: 
SSL_accept() failed: error:14209175:SSL 
routines:tls_early_post_process_client_hello:inappropriate fallback
Sep 15 23:19:02 debian2 dovecot: imap-login: Debug: SSL error: 
SSL_accept() syscall failed: Invalid argument
Sep 15 23:19:02 debian2 dovecot: imap-login: Disconnected (no auth 
attempts in 0 secs): user=<>, rip=XXX.XXX.XXX.XXX, 
lip=XXX.XXX.XXX.XXX,TLS handshaking: SSL_accept() syscall failed: 
Invalid argument, session=<XXXXXXXXXXX>

Log from client (Aquamail) is a bit longer (see attachment).


I have also listened to the communication using Wireshark. The last 
piece of communication is Client Helo. After the client sends Client 
Helo, there is no reply from Dovecot and the server closes the 
communication.

This is the Client Helo, in the "structured view" iin Wireshark:

|Secure Sockets Layer     TLSv1 Record Layer: Handshake Protocol: Client 
Hello         Content Type: Handshake (22)         Version: TLS 1.0 
(0x0301)         Length: 176         Handshake Protocol: Client Hello   
           Handshake Type: Client Hello (1)             Length: 172     
         Version: TLS 1.2 (0x0303)             Random: 
2b7af5ba92040f081a5a3621e9d9cbab2d50b829b7fe755f...             Session 
ID Length: 0             Cipher Suites Length: 62             Cipher 
Suites (31 suites)                 Cipher Suite: 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)                 Cipher 
Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)                 
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)           
       Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   
               Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
(0x009f)                 Cipher Suite: 
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)                 Cipher 
Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)                 Cipher 
Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)                 Cipher 
Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)                 
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)               
   Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)       
           Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   
               Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)   
               Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)       
           Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) 
                 Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 
(0xc013)                 Cipher Suite: 
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)                 Cipher 
Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)                 
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)                 
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)                 
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)               
   Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)               
   Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)           
       Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)           
       Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)             
     Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)             
     Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)                 
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)                 Cipher 
Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)                 Cipher 
Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)                 Cipher 
Suite: TLS_FALLBACK_SCSV (0x5600)             Compression Methods 
Length: 1             Compression Methods (1 method)             
Extensions Length: 69             Extension: server_name (len=17)       
       Extension: extended_master_secret (len=0)             Extension: 
signature_algorithms (len=22)                 Type: signature_algorithms 
(13)                 Length: 22                 Signature Hash 
Algorithms Length: 20                 Signature Hash Algorithms (10 
algorithms)                     Signature Algorithm: rsa_pkcs1_sha512 
(0x0601)                     Signature Algorithm: ecdsa_secp521r1_sha512 
(0x0603)                     Signature Algorithm: rsa_pkcs1_sha384 
(0x0501)                     Signature Algorithm: ecdsa_secp384r1_sha384 
(0x0503)                     Signature Algorithm: rsa_pkcs1_sha256 
(0x0401)                     Signature Algorithm: ecdsa_secp256r1_sha256 
(0x0403)                     Signature Algorithm: SHA224 RSA (0x0301)   
                   Signature Algorithm: SHA224 ECDSA (0x0303)           
           Signature Algorithm: rsa_pkcs1_sha1 (0x0201)                 
     Signature Algorithm: ecdsa_sha1 (0x0203) |
|What I tried: |

  * |change all possible settings in Dovecot (ssl_min_protocol,
    ssl_cipher_list ...)|
  * |change certificate I use|

|I also got in touch with the developer of Aquamail (see our discussion 
here: https://www.aqua-mail.com/forum/index.php?topic=6824.0 ).|

|The developer was able to reproduce the handshake error. We believe 
that the problem is that Dovecot rejects ClientHello as long as it is 
wrapped in the TLSv1 Record Layer (see the second lilne in the Wireshark 
log). According to the developer, Dovecot should accept Client Helo 
wrapped in the TLSv1 Record Layer.|

|Thank you very much for your help. Best regards VB |

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20181007/1c7b8c37/attachment.html>
-------------- next part --------------
2018.09.15 23:27:57.268 +0200	[EXEC.2652]	Executing task [org.kman.AquaMail.mail.imap.ImapTask_Sync at 4988403, u = content://org.kman.AquaMail.data/accounts/2, t = 86965199, a = [org.kman.AquaMail.mail.MailAccount at 1206fe7: id = 2, username = XXXXXXX, email = XXXX at XXXXXX.XXX, name = XXXX at XXXXXX.XXX]] on Executor_Network#0
2018.09.15 23:27:57.269 +0200	[EXEC.2652]	Executing task [org.kman.AquaMail.mail.imap.ImapTask_Sync at 4988403, u = content://org.kman.AquaMail.data/accounts/2, t = 86965199, a = [org.kman.AquaMail.mail.MailAccount at 1206fe7: id = 2, username = XXXXXXX, email = XXXX at XXXXXX.XXX, name = XXXX at XXXXXX.XXX]]
2018.09.15 23:27:57.270 +0200	[MDATR.2652]	Using WiFi sync policy values
2018.09.15 23:27:57.270 +0200	[SYNC.2652]	SyncPolicy: mSyncByCount = 100, mCommandBatchSize = 25
2018.09.15 23:27:57.271 +0200	[LOCKS.2652]	acquire for 2, [org.kman.AquaMail.mail.imap.ImapTask_Sync at 4988403, u = content://org.kman.AquaMail.data/accounts/2, t = 86965199, a = [org.kman.AquaMail.mail.MailAccount at 1206fe7: id = 2, username = XXXXXXX, email = XXXX at XXXXXX.XXX, name = XXXX at XXXXXX.XXX]] on thread = Thread[Executor_Network#0,5,main], tid = 2652, thash = 02c90ff4
2018.09.15 23:27:57.272 +0200	[LOCKS.2652]	AccountSyncLock after pass:
Active: 1
Index = 0, lock = org.kman.AquaMail.core.AccountSyncLock$b at 2c38e98, accountId = 2, thread = Thread[Executor_Network#0,5,main], tid = 2652, thash = 02c90ff4, since = 2018-09-15 23:27:57:272
Queue: 0
2018.09.15 23:27:57.272 +0200	[NETWRK.2652]	Request for connection content://org.kman.AquaMail.data/accounts/2/in to [XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.273 +0200	[POWER.2652]	>>>>> Acquiring wake lock for MailConnectionManager
2018.09.15 23:27:57.273 +0200	[POWER.2652]	Acquired wake lock flag 0x01000000, result 0x05000000
2018.09.15 23:27:57.273 +0200	LockManager	... Wake lock already held
2018.09.15 23:27:57.274 +0200	[NETWRK.2652]	Semaphore acquire for [XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.274 +0200	[NETWRK.2652]	Connecting to [XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.274 +0200	[NETWRK.2652]	Resolving address for XXXXXX.XXX
2018.09.15 23:27:57.280 +0200	[CONCTR.1]	Service state change: uri: content://org.kman.AquaMail.data/accounts/2/out/231588601, what: 160, aux = 0x1234abcd
2018.09.15 23:27:57.281 +0200	AccountListShard	Send state: uri: content://org.kman.AquaMail.data/accounts/2/out/231588601, what: 160, aux = 0x1234abcd
2018.09.15 23:27:57.281 +0200	[CONCTR.1]	Service state change: uri: content://org.kman.AquaMail.data/accounts/2/out/231588601, what: 160, aux = 0x1234abcd
2018.09.15 23:27:57.282 +0200	[CONCTR.1]	Service state change: uri: content://org.kman.AquaMail.data/accounts/2/out/231588601, what: 161, aux = 0x001a
2018.09.15 23:27:57.282 +0200	AccountListShard	Send state: uri: content://org.kman.AquaMail.data/accounts/2/out/231588601, what: 161, aux = 0x001a
2018.09.15 23:27:57.283 +0200	[CONCTR.1]	Service state change: uri: content://org.kman.AquaMail.data/accounts/2/out/231588601, what: 161, aux = 0x001a
2018.09.15 23:27:57.283 +0200	AsyncDataLoaderImpl	Submit org.kman.AquaMail.data.AsyncDataLoader at 274dc81 item org.kman.AquaMail.view.d$c at 44636f1
2018.09.15 23:27:57.283 +0200	AsyncDataLoaderWorker_CONTACTS	Submit org.kman.AquaMail.data.AsyncDataLoader at 274dc81 item org.kman.AquaMail.view.d$c at 44636f1
2018.09.15 23:27:57.285 +0200	AsyncDataLoaderWorker_CONTACTS	Loading org.kman.AquaMail.view.d$c at 44636f1
2018.09.15 23:27:57.288 +0200	AsyncDataLoaderWorker_CONTACTS	Loading org.kman.AquaMail.view.d$c at 44636f1 took 3 ms
2018.09.15 23:27:57.298 +0200	AsyncDataLoaderImpl	Delivering org.kman.AquaMail.data.AsyncDataLoader at 274dc81 item org.kman.AquaMail.view.d$c at 44636f1
2018.09.15 23:27:57.354 +0200	[NETWRK.2652]	IPv4: XXXXXX.XXX/XXX.XXX.XXX.XXX
2018.09.15 23:27:57.355 +0200	[NETWRK.2652]	Trying: XXXXXX.XXX/XXX.XXX.XXX.XXX:143
2018.09.15 23:27:57.373 +0200	[NETWRK.2652]	Socket connection completed
2018.09.15 23:27:57.374 +0200	[NETWRK.2652]	Connection to [XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false] completed: XXXXXX.XXX/XXX.XXX.XXX.XXX:143, time = 0.10 sec
2018.09.15 23:27:57.374 +0200	[NETWRK.2652]	Buffer sizes: 524288 send, 1132800 receive
2018.09.15 23:27:57.449 +0200	[IMAP_RAW.2652]	Data is <124>:
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED] Dovecot (Debian) ready.

2018.09.15 23:27:57.449 +0200	[IMAP.2652]	Server greeting: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED] Dovecot (Debian) ready.
2018.09.15 23:27:57.450 +0200	[IMAP.2652]	Server is Dovecot
2018.09.15 23:27:57.450 +0200	[NETWRK.2652]	Semaphore release for [XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.451 +0200	[IMAP.2652]	Sending: kman1 CAPABILITY
2018.09.15 23:27:57.455 +0200	[IMAP_RAW.2652]	Data is <171>:
* CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED
kman1 OK Pre-login capabilities listed, post-login capabilities have more.

2018.09.15 23:27:57.455 +0200	[IMAP_RAW.2652]	Line: * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED
2018.09.15 23:27:57.456 +0200	[IMAP.2652]	Pre-login capabilities: CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED
2018.09.15 23:27:57.456 +0200	[IMAP_RAW.2652]	Line: kman1 OK Pre-login capabilities listed, post-login capabilities have more.
2018.09.15 23:27:57.456 +0200	[IMAP.2652]	Result for kman1: 0 Pre-login capabilities listed, post-login capabilities have more., traffic: 171 read, 18 write
2018.09.15 23:27:57.456 +0200	[IMAP.2652]	Sending: kman2 STARTTLS
2018.09.15 23:27:57.459 +0200	[IMAP_RAW.2652]	Data is <37>:
kman2 OK Begin TLS negotiation now.

2018.09.15 23:27:57.460 +0200	[IMAP_RAW.2652]	Line: kman2 OK Begin TLS negotiation now.
2018.09.15 23:27:57.460 +0200	[IMAP.2652]	Result for kman2: 0 Begin TLS negotiation now., traffic: 37 read, 16 write
2018.09.15 23:27:57.475 +0200	[NETWRK.2652]	Request for startTls content://org.kman.AquaMail.data/accounts/2/in to [XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.475 +0200	[NETWRK.2652]	Semaphore acquire for [XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.475 +0200	[NETWRK.2652]	Reconnecting to [XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.476 +0200	[NETWRK.2652]	Using strict SSL/STARTTLS factory
2018.09.15 23:27:57.476 +0200	SSLHardening	Setting SSL ciphers: [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, TLS_PSK_WITH_AES_256_CBC_SHA, TLS_PSK_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_PSK_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_FALLBACK_SCSV]
2018.09.15 23:27:57.476 +0200	SSLHardening	Setting SSL protocols: [TLSv1.2, TLSv1.1, TLSv1]
2018.09.15 23:27:57.490 +0200	[NETWRK.2652]	Closing socket SSL socket over Socket[unconnected]
2018.09.15 23:27:57.490 +0200	[NETWRK.2652]	Semaphore release for [XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
2018.09.15 23:27:57.494 +0200	[NETWRK.2652]	***** ERROR: Unable to reconnect to [XXXXXX.XXX:143, tlsStrict, login = 0, pass = true, cert = false]
javax.net.ssl.SSLHandshakeException: Connection closed by peer
	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
	at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
	at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629)
	at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:591)
	at org.kman.AquaMail.net.h.a(SourceFile:301)
	at org.kman.AquaMail.net.e.a(SourceFile:364)
	at org.kman.AquaMail.mail.imap.ImapTask.a(SourceFile:57)
	at org.kman.AquaMail.mail.imap.ImapTask_ConnectLogin.ac(SourceFile:106)
	at org.kman.AquaMail.mail.imap.ImapTask_Sync.a(SourceFile:123)
	at org.kman.AquaMail.core.k.a(SourceFile:77)
	at org.kman.AquaMail.core.l$b.run(SourceFile:621)
	at java.lang.Thread.run(Thread.java:818)

Last data:
kman2 STARTTLS
Result for kman2: 0 Begin TLS negotiation now.
Thread: Thread[Executor_Network#0,5,main], id: 2652

2018.09.15 23:27:57.495 +0200	[POWER.2652]	>>>>> Releasing wake lock for MailConnectionManager
2018.09.15 23:27:57.500 +0200	[POWER.2652]	Released wake lock flag 0x01000000, result 0x04000000
2018.09.15 23:27:57.501 +0200	MailStateWatcher	Service state change uri: content://org.kman.AquaMail.data/accounts/2, what: 121, aux = 0xffffffff
2018.09.15 23:27:57.527 +0200	KeepAliveService	Facade: stop
2018.09.15 23:27:57.527 +0200	MailStateWatcher	Removed default notificaiton
2018.09.15 23:27:57.528 +0200	MailStateWatcher	Showing account error notification, acct XXXX at XXXXXX.XXX, id 0x1000002, message Trvalé síťové chyby příchozího serveru
2018.09.15 23:27:57.542 +0200	KeepAliveService	gNotificationManager.cancel
2018.09.15 23:27:57.550 +0200	KeepAliveService	onDestroy
2018.09.15 23:27:57.613 +0200	[TASKS.2652]	***** ERROR: IOException caught in processTask for [org.kman.AquaMail.mail.imap.ImapTask_Sync at 4988403, u = content://org.kman.AquaMail.data/accounts/2, t = 86965199, a = [org.kman.AquaMail.mail.MailAccount at 1206fe7: id = 2, username = XXXXXXX, email = XXXX at XXXXXX.XXX, name = XXXX at XXXXXX.XXX]]
javax.net.ssl.SSLHandshakeException: Connection closed by peer
	at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
	at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
	at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:629)
	at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:591)
	at org.kman.AquaMail.net.h.a(SourceFile:301)
	at org.kman.AquaMail.net.e.a(SourceFile:364)
	at org.kman.AquaMail.mail.imap.ImapTask.a(SourceFile:57)
	at org.kman.AquaMail.mail.imap.ImapTask_ConnectLogin.ac(SourceFile:106)
	at org.kman.AquaMail.mail.imap.ImapTask_Sync.a(SourceFile:123)
	at org.kman.AquaMail.core.k.a(SourceFile:77)
	at org.kman.AquaMail.core.l$b.run(SourceFile:621)
	at java.lang.Thread.run(Thread.java:818)

Last data:
kman2 STARTTLS
Result for kman2: 0 Begin TLS negotiation now.
Thread: Thread[Executor_Network#0,5,main], id: 2652

2018.09.15 23:27:57.613 +0200	[NETWRK.2652]	Aborting the connection [content://org.kman.AquaMail.data/accounts/2/in, not conn]


More information about the dovecot mailing list