2020/10/30

From Woozle Writes Code
Jump to navigation Jump to search
Codeblog

This is the error I get on #Dovecot when #Eudora tries to connect:

Oct 30 14:56:52 cloud1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=107.15.53.219, lip=68.183.140.54, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=<z0tcm+SyoQ9rDzXb>

I don't know why it says no auth attempts or why the SSL failed, though I'd guess maybe Dovecot is no longer supporting the highest version of TLS that Eudora speaks?

Others seem to agree that the problem is Dovecot dropping support for the old version of SSL that Eudora uses. I downloaded the Eudora source code, and it includes a lot of design documentation with extensive notes on how Eudora's SSL works (SSL Notes.txt) -- so that may be a good thing to study.

One suggestion was to add

ssl_protocols = SSLv3 TLSv1

to the sftp://root@cloud1.vbz.ovh/etc/dovecot/conf.d/10-ssl.conf, which resulted in Eudora asking for a password, but then failing with the same pair of errors. On the server side, these lines were logged:

Oct 30 20:06:35 cloud1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=107.15.53.219, lip=68.183.140.54, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=<MqYC7+iygVZrDzXb>
Oct 30 20:06:36 cloud1 dovecot: imap-login: Login: user=<harena>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=4185099, secured, session=<uDMM7+iyYKt/AAAB>
Oct 30 20:06:36 cloud1 dovecot: imap(harena)<4185099><uDMM7+iyYKt/AAAB>: Logged out in=93 out=1043 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

On closer examination, the last two lines must be Roundcube successfully logging in at almost the same time -- so they're not part of the Eudora interaction. The Eudora interaction is then unchanged.