Supported dovecot ciphers #698

Closed
chrisch-hh opened this issue Nov 1, 2018 · 2 comments
@chrisch-hh

I'm running Mailu 1.5. Some of my customers with older mail clients have problems syncing mails via IMAP. In the logs I'm getting `SSL: error:1402710B:SSL routines:ACCEPT_SR_CLNT_HELLO_C:wrong version number`, so I guess there must be a problem with the SSL/TLS handshake. I checked which ciphers dovecot offers:

```
nmap --script ssl-enum-ciphers -p 143 mail.myserver.de

PORT    STATE SERVICE
143/tcp open  imap
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A
```

It seems that dovecot only supports TLSv1.2 with these three ciphers and I guess that the older mail clients don't accept TLSv1.2 and/or these ciphers.

Is there a way to support more (older) ciphers?

@ofthesun9
Contributor

You can adapt the tls.conf to your needs and mount it in the nginx service at /conf/tls.conf.
See #363 (I have provided an example working for me).
Of course, you need to accept lowering your security standards to go to TLSv1 or v1.1...

@chrisch-hh
Author

Thanks for the hint, enabling TLSv1 does the trick.

My mistake was trying to change the TLS config in the dovecot container and not in the nginx container.

Well, I guess I should convince my customers to use modern mail clients...

@muhlemmer muhlemmer added this to the 1.6 milestone Dec 18, 2018
@muhlemmer muhlemmer reopened this Dec 18, 2018
@muhlemmer muhlemmer modified the milestone: 1.6 Dec 18, 2018
@muhlemmer muhlemmer added the status/wip Work in progress. This will block mergify until the label is removed. label Dec 31, 2018
@muhlemmer muhlemmer added faq/done and removed faq/include status/wip Work in progress. This will block mergify until the label is removed. labels Dec 31, 2018
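
Added example, not part of the original thread or of Mailu's own code: a small Python parser for the `ssl-enum-ciphers` output shown in the first post. It lists any legacy protocol (SSLv3, TLSv1.0, TLSv1.1) and any cipher graded below A, so the effect of a `tls.conf` change can be checked after the fact. `BEFORE` is the scan quoted in the issue, `AFTER` is a constructed sample, and the function names are hypothetical.

```python
import re

# Protocol labels as ssl-enum-ciphers prints them; older than TLSv1.2.
LEGACY = {"SSLv3", "TLSv1.0", "TLSv1.1"}
PROTO_RE = re.compile(r"^\|[\s_]+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|[\s_]+(TLS_\w+)\s+\(([^)]*)\)\s+-\s+([A-F])\s*$")

def parse_enum_ciphers(text):
    """Return {protocol: [(cipher, key_exchange, grade), ...]}."""
    result, current = {}, None
    for line in text.splitlines():
        proto = PROTO_RE.match(line)
        cipher = CIPHER_RE.match(line)
        if proto:
            current = proto.group(1)
            result[current] = []
        elif cipher and current:
            result[current].append(cipher.groups())
    return result

def findings(parsed):
    """List legacy protocols offered and ciphers graded below A."""
    out = []
    for proto, ciphers in parsed.items():
        if proto in LEGACY:
            out.append(f"legacy protocol offered: {proto}")
        for name, _kex, grade in ciphers:
            if grade != "A":
                out.append(f"{proto} {name} graded {grade}")
    return out

# Scan output quoted in the issue (TLSv1.2 only).
BEFORE = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A
|_  least strength: A
"""
# Constructed sample: the same scan with a TLSv1.0 section added.
AFTER = BEFORE.replace("|   TLSv1.2:", """\
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|   TLSv1.2:""")

if __name__ == "__main__":
    print(findings(parse_enum_ciphers(AFTER)))
```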