Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Wannan tattunawa ta zama daɗaɗɗiya. Yi sabuwar tambaya idan ka na bukatar taimako.

SSL Certificate Error from IMAP Server

  • 3 amsoshi
  • 2 sa na da wannan matsala
  • 1 view
  • Amsa ta ƙarshe daga Matt

Raymond H
Raymond H
more options

I am investigating this problem in the Dovecot mailing list as well as here.

Hopefully, there are users out there who are familiar with that IMAP server

For years, I have been running the Dovecot/Thunderbird combination. However, I am preparing a new server and both applications have obviously changed. An SSL certificate seems to be the cause of the problem. My TB settings are:

IMAP: Connection Security: SSL/TLS Port: 993 Authentication Method: Normal Password

The specific error message produced by TB attempting to connect is this: dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42

Dovecot seems to be complaining about the lack of an SSL certificate (or defective) despite the fact that my settings are: auth_ssl_require_client_cert = no ssl_verify_client_cert = no

Those settings work fine in my old server.

When I use the command below under Linux, everything is fine: openssl s_client -connect dovecot-server:imaps

At this point I prefer not having an SSL certificate on the Thunderbird side.

TIA

I am investigating this problem in the Dovecot mailing list as well as here. Hopefully, there are users out there who are familiar with that IMAP server For years, I have been running the Dovecot/Thunderbird combination. However, I am preparing a new server and both applications have obviously changed. An SSL certificate seems to be the cause of the problem. My TB settings are: IMAP: Connection Security: SSL/TLS Port: 993 Authentication Method: Normal Password The specific error message produced by TB attempting to connect is this: dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 Dovecot seems to be complaining about the lack of an SSL certificate (or defective) despite the fact that my settings are: auth_ssl_require_client_cert = no ssl_verify_client_cert = no Those settings work fine in my old server. When I use the command below under Linux, everything is fine: openssl s_client -connect dovecot-server:imaps At this point I prefer not having an SSL certificate on the Thunderbird side. TIA

All Replies (3)

Stans
Stans
more options

Why set Tbird to use SSL/TLS connection security if you don't want a certificate involved?

Raymond H
Raymond H Mai mallakar tambaya
more options

Stans said
Why set Tbird to use SSL/TLS connection security if you don't want a certificate involved?

Hi Stans:

I am attempting to have a minimum configuration (which worked fine for a long time) up&running. Dovecot allows fine-grained control. This is one the settings mentioned by the Dovecot expert:

protocol imap { 

   ssl_verify_client_cert = yes
   auth_ssl_require_client_cert = no
   ssl = required

}

protocol submission { 

   ssl_verify_client_cert = yes
   auth_ssl_require_client_cert = no
   ssl = required

}

Under some configuration, the server produces a certificate but the client does not. Presumably.

I will tighten the security settings later.

Thanks

An gyara daga Raymond H

Matt
Matt
  • Moderator
  • Top 10 Contributor
more options

I think the clue here is you are using SSLV3 by the looks of the error you posted.

See https://support.mozilla.org/en-US/kb/thunderbird-78-faq#w_after-upgrading-to-thunderbird-78-i-cannot-get-or-send-email-messages

The minimum for encrypted connections is TLS V1.2