Supported dovecot ciphers #698

Closed
chrisch-hh opened this Issue Nov 1, 2018 · 2 comments

Comments

3 participants

chrisch-hh commented Nov 1, 2018

I'm running Mailu 1.5. Some of my customers with older mail clients have problems syncing mails via IMAP. In the logs I'm getting SSL: error:1402710B:SSL routines:ACCEPT_SR_CLNT_HELLO_C:wrong version number, so I guess there must be a problem with the SSL/TLS handshake. I checked which ciphers dovecot offers:

nmap --script ssl-enum-ciphers -p 143 mail.myserver.de

PORT    STATE SERVICE
143/tcp open  imap
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

It seems that dovecot only supports TLSv1.2 with these three ciphers and I guess that the older mail clients don't accept TLSv1.2 and/or these ciphers.

Is there a way to support more (older) ciphers?

Contributor

ofthesun9 commented Nov 2, 2018

You can adapt the tls.conf to your needs and mount it in the nginx service at /conf/tls.conf
See #363 (I have provided an example working for me)
Of course, you need to accept lowering your security standards to go to TLSv1 or v1.1...

Author

chrisch-hh commented Nov 2, 2018

Thanks for the hint, enabling TLSv1 does the trick.

My mistake was trying to change the TLS config in the dovecot container and not in the nginx container.

Well, I guess I should convince my customers to use modern mail clients...

@muhlemmer muhlemmer closed this Nov 2, 2018

@muhlemmer muhlemmer added this to the 1.6 milestone Dec 18, 2018

@muhlemmer muhlemmer reopened this Dec 18, 2018

@muhlemmer muhlemmer modified the milestone: 1.6 Dec 18, 2018

@muhlemmer muhlemmer closed this in f91b805 Jan 2, 2019
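
One way to review a rescan after editing the nginx tls.conf, as an added example that is not part of the original thread or of Mailu's code: it parses ssl-enum-ciphers output like the scan in the first post and lists legacy protocol versions and CBC-mode suites. The function names and the AFTER sample are constructed for illustration.

```python
import re

# Protocol header ("|   TLSv1.2:") and cipher row ("|   TLS_X (rsa 2048) - A")
PROTO_RE = re.compile(r"^\|[\s_]+((?:SSLv|TLSv)[\d.]+):$")
CIPHER_RE = re.compile(r"^\|\s+(TLS_\w+)\s+\(([^)]*)\)\s+-\s+([A-F])$")
LEGACY = {"SSLv3", "TLSv1.0", "TLSv1.1"}  # nmap's labels for old protocols

# Output quoted in the issue (TLSv1.2 only).
BEFORE = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 4096) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A
|_  least strength: A
"""
# Constructed sample: what a rescan could look like once TLSv1 is enabled.
AFTER = """\
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
"""

def parse_enum_ciphers(text):
    """Return {protocol: [(cipher, key_exchange, grade), ...]}."""
    report, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := PROTO_RE.match(line):
            current = m.group(1)
            report[current] = []
        elif (m := CIPHER_RE.match(line)) and current:
            report[current].append(m.groups())
    return report

def audit(report):
    """List the points a reviewer should check after a TLS config change."""
    findings = []
    for proto, ciphers in sorted(report.items()):
        if proto in LEGACY:
            findings.append(f"{proto} enabled (legacy protocol)")
        findings += [f"{proto}: CBC-mode suite {name}"
                     for name, _kex, _grade in ciphers if "_CBC_" in name]
    return findings

if __name__ == "__main__":
    for label, scan in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(parse_enum_ciphers(scan)))
```
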
