Dovecot with MySQL over SSL.

Reio Remma reio at mrstuudio.ee
Sat Jul 20 13:12:56 EEST 2019


On 19.07.2019 0:24, Reio Remma via dovecot wrote:
> I'm attempting to get Dovecot working with a MySQL user database on 
> another machine. I can connect to the MySQL (5.7.26) instance with SSL 
> enabled:
>
> mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem 
> --ssl-cert=/etc/dovecot/client-cert.pem 
> --ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA 
> -u vmail -p
>
> However, if I use the same values in dovecot-sql.conf.ext, I get the 
> following error:
>
> Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error: 
> mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection 
> error: protocol version mismatch - waiting for 1 seconds before retry
> Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error: 
> mysql(db.mrst.ee): Connect failed to database (vmail): Connections 
> using insecure transport are prohibited while 
> --require_secure_transport=ON. - waiting for 5 seconds before retry
>
> Database connection string:
>
> connect = host=db.mrst.ee dbname=vmail user=vmail password=stuff \
>     ssl_ca=/etc/dovecot/ca.pem \
>     ssl_cert=/etc/dovecot/client-cert.pem \
>     ssl_key=/etc/dovecot/client-key.pem \
>     ssl_cipher=DHE-RSA-AES256-SHA

Update: I got it to connect successfully now after downgrading the MySQL 
server tls-version from TLSv1.1 to TLSv1.

Is there a reason why Dovecot MySQL doesn't support TLSv1.1?

Thanks!
Reio
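
A log triage sketch for the two auth-worker errors quoted above, added here as an example (not part of the original message and not Dovecot code): it separates a failed TLS handshake from the server's rejection of a non-TLS connection, and reports when the second directly follows the first for the same worker and host. The category and function names are assumptions; the sample lines are the quoted ones, re-joined from their mail wrapping.

```python
import re

# Constructed sample: the two log lines quoted in the message, unwrapped.
SAMPLE_LOG = (
    "Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error: mysql(db.mrst.ee): "
    "Connect failed to database (vmail): SSL connection error: protocol version "
    "mismatch - waiting for 1 seconds before retry\n"
    "Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error: mysql(db.mrst.ee): "
    "Connect failed to database (vmail): Connections using insecure transport are "
    "prohibited while --require_secure_transport=ON. - waiting for 5 seconds before retry\n"
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<node>\S+) dovecot: auth-worker\((?P<pid>\d+)\): "
    r"Error: mysql\((?P<host>[^)]+)\): Connect failed to database \((?P<db>[^)]+)\): "
    r"(?P<reason>.*?) - waiting for (?P<delay>\d+) seconds before retry$"
)

# Hypothetical category names; first match wins, so the specific rule comes first.
RULES = (
    ("tls_version_mismatch", re.compile(r"SSL connection error: protocol version mismatch")),
    ("plaintext_rejected", re.compile(r"insecure transport are prohibited")),
    ("tls_other", re.compile(r"SSL connection error")),
)

def classify(reason):
    """Return the first matching category for a connect-failure reason."""
    return next((name for name, pat in RULES if pat.search(reason)), "other")

def triage(log_text):
    """Parse auth-worker MySQL connect failures into dicts, in log order."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["delay"] = int(ev["delay"])
            ev["kind"] = classify(ev["reason"])
            events.append(ev)
    return events

def handshake_then_plaintext(events):
    """(host, pid) pairs where a TLS failure is directly followed by a rejected non-TLS attempt."""
    last, hits = {}, []
    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["kind"] == "plaintext_rejected" and last.get(key, "").startswith("tls_"):
            hits.append(key)
        last[key] = ev["kind"]
    return hits
```

A hit from `handshake_then_plaintext(triage(SAMPLE_LOG))` means the server's `require_secure_transport` enforcement is working and the failure to look at is the earlier TLS handshake error, not a missing SSL setting in the connect string.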

