2020/12/04: Difference between revisions
Line 16: | Line 16: | ||
* <code>verbose_ssl = yes</code> - the extra info appeared after I made this change | * <code>verbose_ssl = yes</code> - the extra info appeared after I made this change | ||
As far as I can tell, Eudora should support up through TLSv1.1. I tested Dovecot with TLSv1 and TLSv1.1, and both were successful -- so I really don't understand what's going on here. | As far as I can tell, Eudora should support up through TLSv1.1. I tested Dovecot with TLSv1 and TLSv1.1, and <s>both were successful -- so I really don't understand what's going on here</s> oh wait, maybe "Verification: OK" doesn't mean success. It ''does'' say "no protocols available" for 1.0 and 1.1, but gives all kinds of additional certificate info for 1.2. | ||
TLSv1 test: | |||
openssl s_client -connect mail.vbz.net:993 -tls1 | |||
Output: | |||
<pre> | |||
CONNECTED(00000003) | |||
140056042988864:error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available:../ssl/statem/statem_clnt.c:1112: | |||
--- | |||
no peer certificate available | |||
--- | |||
No client certificate CA names sent | |||
--- | |||
SSL handshake has read 0 bytes and written 7 bytes | |||
Verification: OK | |||
--- | |||
New, (NONE), Cipher is (NONE) | |||
Secure Renegotiation IS NOT supported | |||
Compression: NONE | |||
Expansion: NONE | |||
No ALPN negotiated | |||
Early data was not sent | |||
Verify return code: 0 (ok) | |||
--- | |||
</pre> |
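Review bot: In the added TLSv1 output, the error is raised in tls_construct_client_hello ("no protocols available") and the handshake has read 0 bytes, so the local openssl client declined to build a TLSv1 ClientHello. The result reflects this client's protocol settings and does not yet show what Dovecot accepts. Suggest noting that next to the output, and treating "New, (NONE), Cipher is (NONE)" together with "no peer certificate available" as the failure indicator, since "Verification: OK" and "Verify return code: 0 (ok)" are printed here even though no certificate was received.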
Revision as of 01:56, 5 December 2020
Turning on a couple of debug flags in #Dovecot's config now shows this in mail.log when #Eudora tries to connect:
<pre>
Dec 5 00:58:54 cloud1 dovecot: pop3-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
Dec 5 00:58:54 cloud1 dovecot: pop3-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Dec 5 00:58:54 cloud1 dovecot: pop3-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Dec 5 00:58:54 cloud1 dovecot: pop3-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Dec 5 00:58:54 cloud1 dovecot: pop3-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
Dec 5 00:58:54 cloud1 dovecot: pop3-login: Debug: SSL: where=0x2002, ret=-1: error
Dec 5 00:58:54 cloud1 dovecot: pop3-login: Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
Dec 5 00:58:54 cloud1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=107.15.53.219, lip=68.183.140.54, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=</enhGK21wTFrDzXb>
Dec 5 00:58:54 cloud1 dovecot: pop3-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument
</pre>
The flags I changed:
* <code>auth_verbose = yes</code> - didn't immediately change anything
* <code>verbose_ssl = yes</code> - the extra info appeared after I made this change
As far as I can tell, Eudora should support up through TLSv1.1. I tested Dovecot with TLSv1 and TLSv1.1, and <s>both were successful -- so I really don't understand what's going on here</s> oh wait, maybe "Verification: OK" doesn't mean success. It ''does'' say "no protocols available" for 1.0 and 1.1, but gives all kinds of additional certificate info for 1.2.
TLSv1 test:
openssl s_client -connect mail.vbz.net:993 -tls1
Output:
<pre>
CONNECTED(00000003)
140056042988864:error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available:../ssl/statem/statem_clnt.c:1112:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
</pre>
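One way to read s_client transcripts like the one above without relying on "Verification: OK" (an added example, not part of the original log entry): it decides from the negotiated cipher and the OpenSSL error function whether the handshake completed, the local client gave up while building its ClientHello, or the peer answered with an alert. The <code>classify</code> function, its verdict names and the two extra transcripts are assumptions constructed for illustration.

```python
import re

# TLSv1 transcript from the page, abridged to the lines the check reads.
PAGE_TLS1 = """\
CONNECTED(00000003)
140056042988864:error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available:../ssl/statem/statem_clnt.c:1112:
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
"""

# Constructed samples (not from the page): a peer alert and a completed handshake.
PEER_ALERT = """\
140000000000000:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:../ssl/record/rec_layer_s3.c:1528:SSL alert number 70
SSL handshake has read 7 bytes and written 104 bytes
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
"""
COMPLETED = """\
SSL handshake has read 3100 bytes and written 420 bytes
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Verify return code: 0 (ok)
"""

ERR = re.compile(r"error:[0-9A-Fa-f]+:SSL routines:([^:]+):([^:]+):")

def classify(transcript):
    """Return (verdict, reason); the Verification/Verify lines are ignored."""
    cipher = re.search(r"Cipher is (\S+)", transcript)
    if cipher and cipher.group(1) != "(NONE)":
        return ("handshake-completed", cipher.group(1))
    for func, reason in ERR.findall(transcript):
        # Raised while building the ClientHello: the local client stopped
        # before sending one, so the server's settings were never tested.
        if func == "tls_construct_client_hello":
            return ("local-client-refused", reason)
        if "alert" in reason:
            return ("peer-sent-alert", reason)
    return ("handshake-failed", "no cipher negotiated")

if __name__ == "__main__":
    for name, text in [("page TLSv1", PAGE_TLS1), ("peer alert", PEER_ALERT), ("completed", COMPLETED)]:
        print(name, "->", classify(text))
```

All three transcripts contain "Verify return code: 0 (ok)", which is why the function never consults that line.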