<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 20.07.2019 22:37, Aki Tuomi via
dovecot wrote:<br>
</div>
<blockquote type="cite"
cite="mid:929297881.8212.1563651420028@appsuite-dev-gw2.open-xchange.com">
<div> <br>
</div>
<blockquote type="cite">
<div> On 20/07/2019 21:07 Reio Remma via dovecot
<a class="moz-txt-link-rfc2396E" href="mailto:dovecot@dovecot.org">&lt;dovecot@dovecot.org&gt;</a> wrote: </div>
<div> <br>
</div>
<div> <br>
</div>
<div class="moz-cite-prefix"> On 20.07.2019 18:03, Aki Tuomi via
dovecot wrote: <br>
</div>
<blockquote type="cite">
<div> <br>
</div>
<blockquote type="cite">
<div> On 20/07/2019 13:12 Reio Remma via dovecot &lt;<a
href="mailto:dovecot@dovecot.org" moz-do-not-send="true">dovecot@dovecot.org</a>&gt;
wrote: </div>
<div> <br>
</div>
<div> <br>
</div>
<div> On 19.07.2019 0:24, Reio Remma via dovecot wrote: </div>
<blockquote type="cite">
<div> I'm attempting to get Dovecot working with MySQL
user database on </div>
<div> another machine. I can connect to the MySQL (5.7.26)
instance with SSL </div>
<div> enabled: </div>
</blockquote>
<blockquote type="cite">
<div> mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem </div>
<div> --ssl-cert=/etc/dovecot/client-cert.pem </div>
<div> --ssl-key=/etc/dovecot/client-key.pem
--ssl-cipher=DHE-RSA-AES256-SHA </div>
<div> -u vmail -p </div>
</blockquote>
<blockquote type="cite">
<div> However if I use the same values in
dovecot-sql.conf.ext, I get the </div>
<div> following error: </div>
</blockquote>
<blockquote type="cite">
<div> Jul 19 00:20:18 turin dovecot: auth-worker(82996):
Error: </div>
<div> mysql(db.mrst.ee): Connect failed to database
(vmail): SSL connection </div>
<div> error: protocol version mismatch - waiting for 1
seconds before retry </div>
<div> Jul 19 00:20:19 turin dovecot: auth-worker(82996):
Error: </div>
<div> mysql(db.mrst.ee): Connect failed to database
(vmail): Connections </div>
<div> using insecure transport are prohibited while </div>
<div> --require_secure_transport=ON. - waiting for 5
seconds before retry </div>
</blockquote>
<blockquote type="cite">
<div> Database connection string: </div>
</blockquote>
<blockquote type="cite">
<div> connect = host=db.mrst.ee dbname=vmail user=vmail
password=stuff \ </div>
<div> ssl_ca=/etc/dovecot/ca.pem \ </div>
<div> ssl_cert=/etc/dovecot/client-cert.pem \ </div>
<div> ssl_key=/etc/dovecot/client-key.pem \ </div>
<div> ssl_cipher=DHE-RSA-AES256-SHA </div>
</blockquote>
<div> Update: I got it to connect successfully now after
downgrading the MySQL </div>
<div> server tls-version from TLSv1.1 to TLSv1. </div>
<div> <br>
</div>
<div> Is there a reason why Dovecot MySQL doesn't support
TLSv1.1? </div>
<div> <br>
</div>
<div> Thanks! </div>
<div> Reio </div>
</blockquote>
<div> <br>
</div>
<div> Dovecot mysql uses libmysqlclient. We do not enforce any
particular tls protocol version. If it requires you to
downgrade I suggest you review your client my.cnf for any
restrictions. </div>
<div class="io-ox-signature">
<pre>---
Aki Tuomi</pre>
</div>
</blockquote>
<br>
Thanks Aki! I'm looking at it now and despite identical MySQL
5.7.26 versions on both systems, it seems Dovecot is using
libmysqlclient 5.6.37. <br>
<br>
Dovecot seems to be using the older libmysqlclient.so.18.1.0
(5.6.37) from mysql-community-libs-compat 5.7.26 instead of the
newer libmysqlclient.so.20.3.13 (5.7.26) from
mysql-community-libs 5.7.26. <br>
<br>
If I try to remove the libs-compat, yum also insists on removing
dovecot-mysql, so it depends on the older libmysqlclient and
ignores the newer one. <br>
<br>
I don't suspect I can do anything on my end to force the Dovecot
CentOS package to use the non-compat libmysqlclient? <br>
<br>
Thanks, <br>
Reio </blockquote>
<div> <br>
</div>
<div> What repo are you using? </div>
<div class="io-ox-signature">
<pre>---
Aki Tuomi</pre>
</div>
</blockquote>
<br>
Installed Packages<br>
dovecot-mysql.x86_64 2:2.3.7-8 @dovecot-2.3-latest<br>
mysql-community-libs.x86_64 5.7.26-1.el7 @mysql57-community<br>
<br>
Both are from official repos.<br>
<br>
Thanks,<br>
Reio<br>
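<br>
Added example, not part of the thread and not Dovecot's own tooling: a shell check that reads <code>ldd</code> output for the MySQL driver and reports which libmysqlclient soname it is linked against, using the soname-to-release pairing given in the thread (.so.18 for 5.6 from libs-compat, .so.20 for 5.7). The function names, the sample <code>ldd</code> output and the library path in it are constructed for illustration.<br>
<pre>
```shell
#!/bin/sh
# Real use: pipe `ldd` of the driver object shipped by dovecot-mysql into
# check_driver (locate the file with `rpm -ql dovecot-mysql`).

# Print "soname path" for every libmysqlclient entry in ldd output on stdin.
mysql_client_lib() {
    awk '$1 ~ /^libmysqlclient(_r)?\.so\.[0-9]+$/ && $2 == "=>" { print $1, $3 }'
}

# Map the soname major number to the client release line named in the thread.
client_release() {
    case "${1##*.so.}" in
        18) echo "5.6 (libs-compat)" ;;
        20) echo "5.7" ;;
        *)  echo "unknown" ;;
    esac
}

# $1 = expected soname major; ldd output on stdin.
# Returns 0 on match, 1 on mismatch, 2 when no libmysqlclient is linked at all.
check_driver() {
    linked=$(mysql_client_lib | awk '{ print $1 }' | head -n 1)
    [ -n "$linked" ] || { echo "no libmysqlclient dependency found"; return 2; }
    echo "linked: $linked (client $(client_release "$linked"))"
    [ "${linked##*.so.}" = "$1" ]
}

# Constructed ldd output (addresses and paths are illustrative, not from the thread).
sample_ldd() {
    printf '\tlinux-vdso.so.1 =>  (0x00007ffd0a1f2000)\n'
    printf '\tlibmysqlclient.so.18 => /usr/lib64/mysql/libmysqlclient.so.18 (0x00007f3a5c000000)\n'
    printf '\tlibc.so.6 => /lib64/libc.so.6 (0x00007f3a5bc00000)\n'
}

# Expect the 5.7 client (.so.20); the sample links .so.18, so the warning prints.
sample_ldd | check_driver 20 || echo "driver is not built against the 5.7 client library"
```
</pre>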
</body>
</html>