Dovecot with MySQL over SSL.
Reio Remma
reio at mrstuudio.ee
Sat Jul 20 13:12:56 EEST 2019
On 19.07.2019 0:24, Reio Remma via dovecot wrote:
> I'm attempting to get Dovecot working with MySQL user database on
> another machine. I can connect to the MySQL (5.7.26) instance with SSL
> enabled:
>
> mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem
> --ssl-cert=/etc/dovecot/client-cert.pem
> --ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA
> -u vmail -p
>
> However if I use the same values in dovecot-sql.conf.ext, I get the
> following error:
>
> Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error:
> mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection
> error: protocol version mismatch - waiting for 1 seconds before retry
> Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error:
> mysql(db.mrst.ee): Connect failed to database (vmail): Connections
> using insecure transport are prohibited while
> --require_secure_transport=ON. - waiting for 5 seconds before retry
>
> Database connection string:
>
> connect = host=db.mrst.ee dbname=vmail user=vmail password=stuff \
> ssl_ca=/etc/dovecot/ca.pem \
> ssl_cert=/etc/dovecot/client-cert.pem \
> ssl_key=/etc/dovecot/client-key.pem \
> ssl_cipher=DHE-RSA-AES256-SHA
Update: I got it to connect successfully now after downgrading the MySQL
server tls-version from TLSv1.1 to TLSv1.
Is there a reason why Dovecot MySQL doesn't support TLSv1.1?
Thanks!
Reio
More information about the dovecot
mailing list