<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
running dovecot 2.3.18 (current)<br>
<br>
can do connection test<br>
<br>
# openssl s_client -connect localhost:993 -tls1 <br>
CONNECTED(00000003)<br>
write:errno=0<br>
---<br>
no peer certificate available<br>
---<br>
No client certificate CA names sent<br>
---<br>
SSL handshake has read 0 bytes and written 104 bytes<br>
Verification: OK<br>
---<br>
New, (NONE), Cipher is (NONE)<br>
Secure Renegotiation IS NOT supported<br>
Compression: NONE<br>
Expansion: NONE<br>
No ALPN negotiated<br>
SSL-Session:<br>
Protocol : TLSv1<br>
Cipher : 0000<br>
Session-ID: <br>
Session-ID-ctx: <br>
Master-Key: <br>
PSK identity: None<br>
PSK identity hint: None<br>
SRP username: None<br>
Start Time: 1649941141<br>
Timeout : 7200 (sec)<br>
Verify return code: 0 (ok)<br>
Extended master secret: no<br>
---<br>
<br>
and worked ok<br>
<br>
currently I have the min version remmed out?<br>
<br>
ssl = yes<br>
verbose_ssl = yes<br>
ssl_dh =&lt;/usr/local/etc/dovecot/dh-4096.pem<br>
ssl_prefer_server_ciphers = yes<br>
<b><br>
<br>
#ssl_min_protocol = TLSv1.2</b><br>
<br>
<div class="moz-cite-prefix">On 4/12/2022 3:32 PM, Myriam Luce
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:cc75afb6-3765-657b-0db9-772c884db2cb@gmail.com">
<br>
Hi, I'm trying to enable TLS1.0 support for an old client. Per
dovecot -n
<br>
<br>
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
<br>
# Pigeonhole version 0.5.7.2 ()
<br>
# OS:
Linux 5.4.0-107-generic x86_64 Ubuntu 20.04.4 LTS ext4
<br>
# Hostname:
<br>
<br>
In 10-ssl.conf, I have set
<br>
<br>
ssl_min_protocol = TLSv1
<br>
<br>
(It doesn't show in dovecot -n, I suspect because it's equal to
default value?) I restarted dovecot with systemctl. Then, from
another machine,
<br>
<br>
openssl s_client -connect zeserver.com:993 -tls1
<br>
<br>
fails with this output:
<br>
<br>
CONNECTED(00000003)
<br>
140166917489984:error:141E70BF:SSL
routines:tls_construct_client_hello:no protocols
available:../ssl/statem/statem_clnt.c:1112:
<br>
---
<br>
no peer certificate available
<br>
---
<br>
No client certificate CA names sent
<br>
---
<br>
SSL handshake has read 0 bytes and written 7 bytes
<br>
Verification: OK
<br>
---
<br>
New, (NONE), Cipher is (NONE)
<br>
Secure Renegotiation IS NOT supported
<br>
Compression: NONE
<br>
Expansion: NONE
<br>
No ALPN negotiated
<br>
Early data was not sent
<br>
Verify return code: 0 (ok)
<br>
---
<br>
<br>
The same command with -tls1_2 works as intended (certificate
printing, imap prompt).
<br>
<br>
Am I forgetting something somewhere, or is this an actual bug?
<br>
<br>
<br>
</blockquote>
<br>
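<br>
Added example, not part of either message in this thread: a small Python check that reads openssl s_client output such as the two transcripts above and reports whether a TLS handshake actually completed, and if not, on which side it stopped. The function name classify and the verdict strings are assumptions of this example, and the third transcript is constructed.<br>
<br>
<pre>
```python
import re

# Excerpts of the two s_client transcripts quoted in this thread.
REPLY_OUTPUT = """CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 104 bytes
New, (NONE), Cipher is (NONE)
"""

ORIGINAL_OUTPUT = """CONNECTED(00000003)
140166917489984:error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available:../ssl/statem/statem_clnt.c:1112:
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 7 bytes
New, (NONE), Cipher is (NONE)
"""

# Constructed sample of a completed handshake (not from the thread).
COMPLETED_OUTPUT = """CONNECTED(00000003)
---
SSL handshake has read 1500 bytes and written 400 bytes
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
"""

HANDSHAKE_RE = re.compile(r"SSL handshake has read (\d+) bytes and written (\d+) bytes")
CIPHER_RE = re.compile(r"^New, .*Cipher is (\S+)", re.MULTILINE)


def classify(output):
    """Return (verdict, detail) for one s_client transcript."""
    hs = HANDSHAKE_RE.search(output)
    cipher = CIPHER_RE.search(output)
    read = int(hs.group(1)) if hs else 0
    negotiated = cipher is not None and cipher.group(1) != "(NONE)"
    if negotiated and read != 0:
        return "handshake-completed", cipher.group(1)
    if "tls_construct_client_hello" in output:
        # The error is raised while the local OpenSSL builds its own
        # ClientHello, so the server's protocol settings were never tested.
        return "client-side-refusal", "ClientHello was not built"
    if hs and read == 0:
        return "no-server-reply", "bytes written, none read back"
    return "unknown", ""
```
</pre>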
</body>
</html>