
Dovecot (doveadm, ssl, sync) - error

IPTRACE

#1
Hello!

I've got a problem running syncing between the two Dovecot services on separate servers.
The error points to a problem with the SSL configuration. I don't suppose it's a Dovecot bug.

Code:
dovecot: doveadm(10.0.1.15): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:140260FC:SSL routines:ACCEPT_SR_CLNT_HELLO:unknown protocol
Has anyone had a similar issue?

Code:
mail_plugins = $mail_plugins notify replication

service replicator {
  process_min_avail = 1
}

service aggregator {
  fifo_listener replication-notify-fifo {
    user = dovecot
  }
  unix_listener replication-notify {
    user = dovecot
  }
}

service replicator {
  unix_listener replicator-doveadm {
    mode = 0600
  }
}

replication_max_conns = 10

service doveadm {
  inet_listener {
    port = 12347
    ssl = yes
  }
}

ssl = required
ssl_cert = </usr/local/etc/dovecot/ssl/my.crt
ssl_key = </usr/local/etc/dovecot/ssl/my.key
ssl_client_ca_file = </usr/local/etc/dovecot/ssl/ca.pem
ssl_client_ca_dir = /usr/local/etc/dovecot/ssl

SirDice

#2
Which version of Dovecot do you have installed?
 

IPTRACE

#3
Both, I mean the newest dovecot-2.2.33.2_2 and the older one dovecot-2.2.32.1_1 (or similar).
Every single service had/has the same version, so I've tested with old-old and newest-newest.

Code:
doveadm(10.0.1.15): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
I get the above error when I set
Code:
ssl_protocols = SSLv3 TLSv1 TLSv1.1
But when I comment out the whole line I get the following.
Code:
dovecot: doveadm(10.0.1.15): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:140260FC:SSL routines:ACCEPT_SR_CLNT_HELLO:unknown protocol
 

SirDice

#4
Are you doing anything special with regards to SSL? I mean did you switch to LibreSSL, or the port's OpenSSL, or using the base OpenSSL? I noticed you can get some weird results if you mix everything up (some ports depending on LibreSSL and others on the base OpenSSL).
 

IPTRACE

#5
Good point. One of my servers had LibreSSL and the second one used base OpenSSL.
So I've deinstalled LibreSSL and installed Dovecot without a dependency on this library. I use ports to install that software.
I've restarted both services and the errors are the same...

Both servers have OpenSSL installed, version OpenSSL 1.0.2k-freebsd 26 Jan 2017.
Code:
:/usr/ports/mail/dovecot % cat Makefile | grep SSL
CPPFLAGS+=      -I${LOCALBASE}/include -I${OPENSSLINC}
LDFLAGS+=       -L${LOCALBASE}/lib -L${OPENSSLLIB}
I mean the following error on both services.
Code:
dovecot: doveadm(10.0.1.15): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
dovecot.conf
Code:
ssl = required
ssl_protocols = SSLv3 TLSv1 TLSv1.1 TLSv1.2
ssl_cert = </usr/local/etc/dovecot/ssl/cert.crt
ssl_key = </usr/local/etc/dovecot/ssl/cert.key
ssl_client_ca_file = </usr/local/etc/dovecot/ssl/ca.pem
ssl_client_ca_dir = /usr/local/etc/dovecot/ssl
By the way, connecting directly with the openssl command from one server to the other and vice versa passes without any errors.
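
Added example, not part of the thread: OpenSSL reports `unknown protocol` from `SSL_accept()` when the first bytes it reads on the socket do not look like an SSL/TLS ClientHello, so it helps to see what the peer actually sends to the listener. The sketch below classifies those first bytes; the function names and the sample byte strings are constructed for illustration, and the listener helper assumes the doveadm service is stopped so the port from the config above is free.

```python
import socket

# Constructed samples: a TLS record header carrying a ClientHello, an
# SSLv2-compatible hello, and a plaintext line sent without any TLS.
TLS_SAMPLE = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"
SSLV2_SAMPLE = b"\x80\x2e\x01\x03\x01\x00\x15\x00\x00\x00\x10"
PLAINTEXT_SAMPLE = b"VERSION\tdoveadm-server\t1\t0\n"

def classify_first_bytes(data: bytes) -> str:
    """Say whether the first bytes from a client look like a TLS hello."""
    if len(data) < 3:
        return "too short to classify"
    # TLS/SSLv3 record: type 0x16 (handshake), version 3.0 to 3.4,
    # 2-byte length, then handshake type 0x01 for ClientHello.
    if data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        if len(data) >= 6 and data[5] == 0x01:
            return "TLS ClientHello (record version 3.%d)" % data[2]
        return "TLS handshake record, not a ClientHello"
    # SSLv2-compatible hello: length with the high bit set, message type 1.
    if data[0] & 0x80 and data[2] == 0x01:
        return "SSLv2-compatible ClientHello"
    # Only tab, CR, LF and printable ASCII: the peer is not speaking TLS.
    if all(b in (9, 10, 13) or 32 <= b < 127 for b in data):
        return "plaintext, not TLS: %r" % data[:40].decode("ascii")
    return "unrecognised binary data"

def peek_one_connection(port: int, host: str = "0.0.0.0", n: int = 64) -> str:
    """Accept one connection on the port and classify what arrives first."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        conn, peer = srv.accept()
        with conn:
            conn.settimeout(5)
            try:
                data = conn.recv(n)
            except socket.timeout:
                return "%s sent nothing within 5 seconds" % peer[0]
        return "%s: %s" % (peer[0], classify_first_bytes(data))

if __name__ == "__main__":
    # 12347 is the doveadm inet_listener port from the posted config.
    print(peek_one_connection(12347))
```

A `plaintext` or `unrecognised` result means the connecting side is not starting a TLS handshake on that port, which is a different condition from a certificate or protocol-version mismatch.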