Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK

hanasaki at gmail.com hanasaki at gmail.com
Thu Apr 30 14:49:26 EEST 2020


Recently thunderbird and Dovecot IMAPS cannot agree on SSL however 
Evolution, on the exact same system, is working fine with the same 
accounts. Tried recreating the Dovecot cert and also the thunderbird 
accounts from scratch. The OpenSSL raw client works fine as well.

Would someone also confirm the openssl commands to create a selfsigned 
cert for dovecot imaps.  They cert created does work with evolution; 
just not thunderbird.

Thoughts?

Apr 8 18:10:18 hh dovecot: imap-login: Debug: SSL error: SSL_accept() 
failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad 
certificate: SSL alert number 42
Apr 8 18:10:18 hh dovecot: imap-login: Disconnected (no auth attempts in 
0 secs): user=<>, rip=000, lip=0000 TLS handshaking: SSL_accept() 
failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad 
certificate: SSL alert number 42, session=<-->
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x10, ret=1: 
before SSL initialization
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
before SSL initialization
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: 
before SSL initialization
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
before SSL initialization
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
SSLv3/TLS read client hello
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
SSLv3/TLS write server hello
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
SSLv3/TLS write change cipher spec
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
TLSv1.3 write encrypted extensions
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
SSLv3/TLS write certificate
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
TLSv1.3 write server certificate verify
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
SSLv3/TLS write finished
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: 
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: 
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: 
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: 
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL alert: where=0x4004, 
ret=554: fatal bad certificate
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: 
error
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL error: SSL_accept() 
failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad 
certificate: SSL alert number 42
Apr 8 18:10:19 firewall dovecot: imap-login: Disconnected (no auth 
attempts in 0 secs): user=<>, rip=000, lip=00, TLS handshaking: 
SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 
alert bad certificate: SSL alert number 42, session=<--->

reference
http://forums.debian.net/viewtopic.php?f=5&t=145849



More information about the dovecot mailing list