Error: SSL_accept() syscall failed

Fri Oct 11 23:21:10 EEST 2019

Am 11.10.2019 um 13:22 schrieb C. James Ervin via dovecot:
> In setting up my new mail server, I am getting the following in the logs:
> 
> Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth 
> attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS 
> handshaking: SSL_accept() syscall failed: Success*, 
> session=<B9OokqCUD+UYNU8K>

Unless you meanwhile managed to solve your issue I see none from my 
side. Should be client side else.

# openssl s_client -connect 3.222.54.62:993
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN 
= AddTrust External CA Root
verify return:1
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST 
Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo 
Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = kumo.kites.org
verify return:1
---
Certificate chain
  0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=kumo.kites.org
    i:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo 
RSA Domain Validation Secure Server CA
  1 s:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo 
RSA Domain Validation Secure Server CA
    i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST 
Network/CN=USERTrust RSA Certification Authority
  2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST 
Network/CN=USERTrust RSA Certification Authority
    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust 
External CA Root
  3 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=kumo.kites.org
    i:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo 
RSA Domain Validation Secure Server CA
  4 s:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo 
RSA Domain Validation Secure Server CA
    i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST 
Network/CN=USERTrust RSA Certification Authority
  5 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST 
Network/CN=USERTrust RSA Certification Authority
    i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust 
External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIRAPRR/DgRC9DMCNA+aXXAWsAwDQYJKoZIhvcNAQELBQAw
gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE
AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xOTEwMTEwMDAwMDBaFw0yMDEwMDkyMzU5NTlaMFIxITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxFzAV
BgNVBAMTDmt1bW8ua2l0ZXMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAviqQmCB6So+K7jj8CIBb7MWZgnI6Ha8zvV1wbwo/giUSdOaVQ9OEg7NA
yEP24RcnEDi8j9WnJyazMhthMWssGEVJVmaqg11nnJ4GzN36uJJ/b3tsXupKMgQt
P3iR8gtuB5gVdH1t1jc6M4WORnhNL/k41eRDLv2zJZjxy4089SnAJn2uR2xiYSo0
Jr7HIuQcyISFOpvy9Qq2KLmkZxghEEnNHraFx0S5qlrj62DBa5TTPx1PCe43dXyn
Tmid4TfTua700xt7daYS2UQc9GSi0vEDj0XAvY1+GPiSkmrgNGa7DahZ7pywUiq0
5i3lUNW0ZHWAPkQrCdWbgslmf6QBvwIDAQABo4ICiTCCAoUwHwYDVR0jBBgwFoAU
jYxexFStiuF36Zv5mwXhuAGNYeEwHQYDVR0OBBYEFBiQDmP7BWEXR/MzWmB7Xnvi
RyUoMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIHMCUwIwYI
KwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBhAYI
KwYBBQUHAQEEeDB2ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29t
L1NlY3RpZ29SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMG
CCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAtBgNVHREEJjAkgg5r
dW1vLmtpdGVzLm9yZ4ISd3d3Lmt1bW8ua2l0ZXMub3JnMIIBAwYKKwYBBAHWeQIE
AgSB9ASB8QDvAHYAB7dcG+V9aP/xsMYdIxXHuuZXfFeUt2ruvGE6GmnTohwAAAFt
uCloHAAABAMARzBFAiEAqj3ij29JbFtVe1zPiWxe0kHeqBausXJxHTEeF91WbIAC
IE+21ysv6L9xRKqdJGztqwNCjMkDCnvFuqGiIxnXJU4jAHUAXqdz+d9WwOe1Nkh9
0EngMnqRmgyEoRIShBh1loFxRVgAAAFtuCloFAAABAMARjBEAiBpLGo6/j/q3101
QmCQqAdTed7ZGdskysaHKDEDfmsGEQIgWH1U74bH8ajaWqpcJ+PCngLG49BJOYv3
WYrWq+9Hc9EwDQYJKoZIhvcNAQELBQADggEBAJH4RYgEfcVP8oP0Xa3HeC3u8EdG
XnvFjYSGTcEoaZXJOlAB8i7ZwzWUwkn6+A6LPQjkPf4yOJhP4iHYuYsKG4IHfSlJ
9DKy7X9kHgd3DiYPQ7j1FrOChL1/Zav+pr3M9N0CxCuveY/Z04W9DcqiychlCKAx
5jX28jkmAd+MFp8DB29vHqgbqJ/Dkbx8cnAbm4eragXZ3in+xACsfSkgfwkS4djG
aKP6Jx0dIlMtsKaQVwMNOSMapcGe2tFmrV8WR9uByo6wGOAu1KWu6YrhQTwjSoNP
9RWUpMPNAtrM69r+kkUc3cdE+SrJHzKwnivigKuzNkxiQO7sxJ2ria06vpU=
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=kumo.kites.org
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo 
Limited/CN=Sectigo RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 9689 bytes and written 447 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
     Protocol  : TLSv1.2
     Cipher    : ECDHE-RSA-AES256-GCM-SHA384
     Session-ID: 
D70E66B01EDEAAF0C03188CF83AFCA71EAA6A3D56F0FA1F13281374E5E29506F
     Session-ID-ctx:
     Master-Key: 
1B1283187F21E890095893F8A3308A277F5DAB34471EF25DAC2135C08D6631ABA13035DCA24658399181CB42465F968E
     Key-Arg   : None
     Krb5 Principal: None
     PSK identity: None
     PSK identity hint: None
     TLS session ticket lifetime hint: 7200 (seconds)
     TLS session ticket:
     0000 - 84 e1 ef 09 30 b9 bc 58-e6 36 0f dd 32 7b 10 03 
....0..X.6..2{..
     0010 - 03 5d 1a a2 d8 a0 dc 3b-36 ee b8 76 da 21 ff 0e 
.].....;6..v.!..
     0020 - 30 29 e0 d4 19 fd 1e 84-09 c7 f5 24 fa 8d 7c 02 
0).........$..|.
     0030 - 77 b0 9d a9 8a 51 16 0a-6e 33 d8 90 87 ca a3 a9 
w....Q..n3......
     0040 - 87 ed 0e 3c 05 95 06 f3-e1 70 86 8a 3f 4a b5 98 
...<.....p..?J..
     0050 - da 53 7c dd 8c 77 c9 eb-3a 13 6e 77 d4 db 3c 0f 
.S|..w..:.nw..<.
     0060 - 2c 53 4d d2 f9 fa 31 15-e7 98 91 36 74 9e 4e 92 
,SM...1....6t.N.
     0070 - 7e 35 b1 73 a6 43 df e8-3e d4 4c 82 c3 1f cc 12 
~5.s.C..>.L.....
     0080 - a7 aa 7a 8a 36 6d 39 d6-1b 0d 93 52 c8 f6 24 23 
..z.6m9....R..$#
     0090 - 48 f5 f4 c3 17 fa 2d 3e-e5 ab 48 a1 9f 4c 48 f9 
H.....->..H..LH.

     Start Time: 1570825213
     Timeout   : 300 (sec)
     Verify return code: 0 (ok)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready.
QUIT
DONE

Alexander