SSL errors after certificate renewal

Jochen Bern Jochen.Bern at binect.de
Wed Sep 8 09:52:24 EEST 2021


On 07.09.21 19:25, Amol Kulkarni wrote:
> After I replaced my certificate with a new one yesterday, I'm seeing some
> ssl related errors. [...]
> dovecot: imap-login: Disconnected (no auth attempts in 1 secs): [...]
> dovecot: imap-login: Disconnected (no auth attempts in 0 secs): [...]

These log messages indicate that it was the client who stopped doing the
full login procedure. My first guess would be that a majority of those
clients want their user/admin to confirm trust in the new server cert
before they "leak" authentication tokens (user+auth) to it.

On 07.09.21 21:16, N wrote:
> Separate subject, but couldn't help but notice, SSL3 is being used? 

SSLv3 and at least the earlier versions of TLS share a lot of underlying
cryptalgorithms, so the log messages (from double-used code) still *say*
"SSL3". (If you want to be *sure*, run a scanner like sslyze against the
server.)

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20210908/4f7e1f50/attachment-0001.p7s>


More information about the dovecot mailing list