Dovecot (doveadm, ssl, sync) - error

Hello!

I've got a problem running syncing between two Dovecot services on separate servers.
The error points to a problem with the SSL configuration. I don't suppose it's a Dovecot bug.

Code:
dovecot: doveadm(10.0.1.15): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:140260FC:SSL routines:ACCEPT_SR_CLNT_HELLO:unknown protocol

Has anyone had a similar issue?

Code:
mail_plugins = $mail_plugins notify replication

service replicator {
  process_min_avail = 1
}

service aggregator {
  fifo_listener replication-notify-fifo {
    user = dovecot
  }
  unix_listener replication-notify {
    user = dovecot
  }
}

service replicator {
  unix_listener replicator-doveadm {
    mode = 0600
  }
}

replication_max_conns = 10

service doveadm {
  inet_listener {
    port = 12347
    ssl = yes
  }
}

ssl = required
ssl_cert = </usr/local/etc/dovecot/ssl/my.crt
ssl_key = </usr/local/etc/dovecot/ssl/my.key
ssl_client_ca_file = </usr/local/etc/dovecot/ssl/ca.pem
ssl_client_ca_dir = /usr/local/etc/dovecot/ssl
Both, I mean the newest dovecot-2.2.33.2_2 and the older one dovecot-2.2.32.1_1 (or similar).
Every single service had/has the same version, so I've tested with old-old and newest-newest.

Code:
doveadm(10.0.1.15): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

I get the above error when I set
Code:
ssl_protocols = SSLv3 TLSv1 TLSv1.1

But when I comment out the whole line I get the following.
Code:
dovecot: doveadm(10.0.1.15): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:140260FC:SSL routines:ACCEPT_SR_CLNT_HELLO:unknown protocol
 

SirDice
Are you doing anything special with regards to SSL? I mean did you switch to LibreSSL, or the port's OpenSSL, or using the base OpenSSL? I noticed you can get some weird results if you mix everything up (some ports depending on LibreSSL and others on the base OpenSSL).
 
Good point of view. One of my servers had LibreSSL and the second one used base OpenSSL.
So, I've deinstalled LibreSSL and installed Dovecot without a dependency on these libraries. I use ports to install that software.
I've restarted both services and the errors are the same...

On both servers OpenSSL is installed, version OpenSSL 1.0.2k-freebsd 26 Jan 2017.
Code:
:/usr/ports/mail/dovecot % cat Makefile | grep SSL
CPPFLAGS+=      -I${LOCALBASE}/include -I${OPENSSLINC}
LDFLAGS+=       -L${LOCALBASE}/lib -L${OPENSSLLIB}
I mean the following error on both services.
Code:
dovecot: doveadm(10.0.1.15): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
dovecot.conf
Code:
ssl = required
ssl_protocols = SSLv3 TLSv1 TLSv1.1 TLSv1.2
ssl_cert = </usr/local/etc/dovecot/ssl/cert.crt
ssl_key = </usr/local/etc/dovecot/ssl/cert.key
ssl_client_ca_file = </usr/local/etc/dovecot/ssl/ca.pem
ssl_client_ca_dir = /usr/local/etc/dovecot/ssl
By the way, directly using the openssl command to connect from one server to the other and vice versa passes without any errors.