SSL Certificate Error from IMAP Server
I am investigating this problem in the Dovecot mailing list as well as here.
Hopefully, there are users out there who are familiar with that IMAP server
For years, I have been running the Dovecot/Thunderbird combination. However, I am preparing a new server and both applications have obviously changed. An SSL certificate seems to be the cause of the problem. My TB settings are:
IMAP: Connection Security: SSL/TLS Port: 993 Authentication Method: Normal Password
The specific error message produced by TB attempting to connect is this: dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
Dovecot seems to be complaining about the lack of an SSL certificate (or defective) despite the fact that my settings are: auth_ssl_require_client_cert = no ssl_verify_client_cert = no
Those settings work fine in my old server.
When I use the command below under Linux, everything is fine: openssl s_client -connect dovecot-server:imaps
At this point I prefer not having an SSL certificate on the Thunderbird side.
TIA
所有回覆 (3)
Why set Tbird to use SSL/TLS connection security if you don't want a certificate involved?
Stans said
Why set Tbird to use SSL/TLS connection security if you don't want a certificate involved?
Hi Stans:
I am attempting to have a minimum configuration (which worked fine for a long time) up&running. Dovecot allows fine-grained control. This is one the settings mentioned by the Dovecot expert:
protocol imap {
ssl_verify_client_cert = yes auth_ssl_require_client_cert = no ssl = required
}
protocol submission {
ssl_verify_client_cert = yes auth_ssl_require_client_cert = no ssl = required
}
Under some configuration, the server produces a certificate but the client does not. Presumably.
I will tighten the security settings later.
Thanks
由 Raymond H 於 修改
I think the clue here is you are using SSLV3 by the looks of the error you posted.
The minimum for encrypted connections is TLS V1.2