<div dir="ltr">CentOS 7<br>Dovecot 2.2.36 <br><br>Nov 14 07:13:08 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): <br>user=<>, rip=73.0.0.0, lip=192.64.118.242, TLS handshaking: SSL_accept() failed: <br>error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, <br><div>session=<></div><div><br></div><div>Was working fine for over a year, until the cert expired and I replaced it.</div><div>I've tried the good cert I have for https and I used the Dovecot.org script to generate a self-signed certificate. <br></div><div><br></div><div>10-ssl.conf<br></div><div>## SSL settings</div><div>#ssl = required<br>ssl = yes<br>#ssl = no</div><div>ssl_cert = </etc/pki/dovecot/certs/mydomain.com.crt<br>ssl_key = </etc/pki/dovecot/private/mydomain.com.key
</div><div>#ssl_ca =</div><div>#ssl_require_crl = yes</div><div>#ssl_client_ca_dir =<br>#ssl_client_ca_file =</div><div>#ssl_verify_client_cert = no<br></div><div>#ssl_cert_username_field = commonName<br></div><div>#ssl_dh_parameters_length = 1024</div><div>#ssl_protocols = !SSLv3</div><div><br># SSL ciphers to use<br># ols values ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL<br>ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK: !RC4:!ADH:!LOW@STRENGTH<br><br># Prefer the server's order of ciphers over client's.<br>#ssl_prefer_server_ciphers = no</div><div><br></div><div># Prefer the server's order of ciphers over client's.<br>#ssl_prefer_server_ciphers = no</div><div># SSL crypto device to use, for valid values run "openssl engine"<br>#ssl_crypto_device =<br><br># SSL extra options. Currently supported options are:<br># no_compression - Disable compression.<br># no_ticket - Disable SSL session tickets.<br>#ssl_options =</div><div><br></div><div>===========================</div><div># openssl x509 -dates -in mydomain.com.crt<br>notBefore=Nov 11 16:31:35 2020 GMT<br>notAfter=Nov 11 16:31:35 2022 GMT<br>-----BEGIN CERTIFICATE-----</div><div> :<br></div><div>===========================<br></div><div> # openssl pkey -in mydomain.com.key<br>-----BEGIN PRIVATE KEY-----<br></div><div> :<br></div><div><br></div><div>Thanks for taking a look. Any ideas on what I should do next to debug?</div><div><br></div><div>Mike<br></div><div><br></div></div>