Supported dovecot ciphers #698

Closed
chrisch-hh opened this issue Nov 1, 2018 · 2 comments

@chrisch-hh chrisch-hh commented Nov 1, 2018

I'm running Mailu 1.5. Some of my customers with older mail clients have problems syncing mails via IMAP. In the logs I'm getting SSL: error:1402710B:SSL routines:ACCEPT_SR_CLNT_HELLO_C:wrong version number, so I guess there must be a problem with the SSL/TLS handshake. I checked which ciphers dovecot offers:

nmap --script ssl-enum-ciphers -p 143 mail.myserver.de

PORT    STATE SERVICE
143/tcp open  imap
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

It seems that dovecot only supports TLSv1.2 with these three ciphers and I guess that the older mail clients don't accept TLSv1.2 and/or these ciphers.

Is there a way to support more (older) ciphers?

Contributor

@ofthesun9 ofthesun9 commented Nov 2, 2018

You can adapt the tls.conf to your needs and mount it in the nginx service at /conf/tls.conf.
See #363 (I have provided an example working for me).
Of course, you need to accept lowering your security standards to go to TLSv1 or v1.1...

Author

@chrisch-hh chrisch-hh commented Nov 2, 2018

Thanks for the hint, enabling TLSv1 does the trick.

My mistake was trying to change the TLS config in the dovecot container and not in the nginx container.

Well, I guess I should convince my customers to use modern mail clients...
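Added example, not part of the thread or of Mailu: a small Python parser for `ssl-enum-ciphers` output like the listing in the opening post, useful for re-checking what the front end offers after a change such as enabling TLSv1. The sample input is constructed (the post's TLSv1.2 section plus a hypothetical TLSv1.0 section), and the function names and the `LEGACY` set are assumptions of this example.

```python
import re

# Constructed sample: the TLSv1.2 section from the opening post plus a
# hypothetical TLSv1.0 section, as a rescan might show after enabling TLSv1.
SAMPLE = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: C
"""

LEGACY = {"SSLv3", "TLSv1.0", "TLSv1.1"}  # assumption: versions to flag
PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|\s+(TLS_\w+)(?: \(([^)]*)\))? - ([A-F])\s*$")

def parse_ssl_enum(text):
    """Return {protocol: [(cipher, key_info, grade), ...]} from nmap output."""
    offered, current = {}, None
    for line in text.splitlines():
        if m := PROTO_RE.match(line):
            current = m.group(1)
            offered.setdefault(current, [])
        elif (m := CIPHER_RE.match(line)) and current:
            offered[current].append(m.groups())
    return offered

def audit(offered):
    """List legacy protocol versions first, then ciphers nmap graded below A."""
    findings = [f"{p}: legacy protocol enabled" for p in sorted(offered) if p in LEGACY]
    for proto, ciphers in sorted(offered.items()):
        findings += [f"{proto}: {name} graded {grade}"
                     for name, _key, grade in ciphers if grade != "A"]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_ssl_enum(SAMPLE))))
```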
