sometimes no shared cipher after upgrade from 2.2 to 2.3

Lefteris Tsintjelis lefty at spes.gr
Wed Aug 21 19:35:45 EEST 2019


On 21/8/2019 18:51, Kristijan Savic - ratiokontakt GmbH via dovecot wrote:
>   
>> SSL3 is no longer included in the cipher sets. Try this:
>>
>> ssl_min_protocol = SSLv3
> 
> Thanks. Unfortunately, no dice - same error.
> 
> Any other tips? I was under the impression "no shared cipher" was rather the
> problem?

Yes, this is exactly the problem, but the error is specific to SSL3 shared 
ciphers.

routines:ssl3_get_client_hello:no shared cipher

You may also want to add this

ssl_cipher_list = ALL

Basically, you should focus on why SSL3 ciphers are not activated. If 
the above parameter did not work, it is very possible that the OpenSSL 
distribution you have does not include SSL3 support at all. You may have 
to do some recompiling if this is the case.

If your old clients are only on your internal net and you do not 
provide any ISP-like services, you may consider upgrading the clients, as 
you will quite often have issues such as this one in the near future, 
because support for SSL3 and below is in the process of being dropped from 
almost everything.
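
Added example, not part of the original message: a small Python check that compares the cipher list a server has enabled (text in the format printed by `openssl ciphers -v`) with the list a client offers, and reports when the two have nothing in common, which is the condition behind "no shared cipher". The server output and both client offers below are constructed samples, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample of `openssl ciphers -v '<cipher string>'` output on a
# server host (not taken from the thread).
SERVER_CIPHERS_V = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
AES256-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(256)    Mac=SHA1
"""

# Constructed cipher offers from two hypothetical clients.
LEGACY_CLIENT = ["RC4-MD5", "RC4-SHA", "DES-CBC3-SHA"]
MODERN_CLIENT = ["ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA", "RC4-SHA"]


def parse_ciphers_v(text):
    """Return {cipher name: minimum protocol} from `openssl ciphers -v` text."""
    enabled = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # skip blank or malformed lines
        enabled[fields[0]] = fields[1]  # column 2 is the minimum protocol
    return enabled


def shared_ciphers(server_text, client_offer):
    """Ciphers present on both sides, kept in the order the client lists them."""
    enabled = parse_ciphers_v(server_text)
    return [name for name in client_offer if name in enabled]


def diagnose(server_text, client_offer):
    """Summarise the overlap between server list and client offer."""
    enabled = parse_ciphers_v(server_text)
    by_protocol = defaultdict(list)
    for name, protocol in enabled.items():
        by_protocol[protocol].append(name)
    shared = shared_ciphers(server_text, client_offer)
    return {
        "shared": shared,
        "missing": [name for name in client_offer if name not in enabled],
        "server_by_protocol": dict(by_protocol),
        "result": "ok" if shared else "no shared cipher",
    }


if __name__ == "__main__":
    for label, offer in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        print(label, diagnose(SERVER_CIPHERS_V, offer))
```

To use it on a real host, replace `SERVER_CIPHERS_V` with the output of `openssl ciphers -v` run against the configured `ssl_cipher_list` value, and the client list with the ciphers the failing client actually offers.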

