Dovecot SSL issues

madnoob2

• April 11, 2018 16:35

Hello, after I migrated my cPanel to a new server I'm getting dovecot IMAP errors when using the 993 SSL port. Apr 11 23:22:35 localhost dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=myip, lip=myip, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session= Does anyone know what the issue is here? It all worked perfectly fine on the older server (same cp version - latest) // I used the transfer tool to transfer everything (including exim settings).

• 

  PenguinInternet

  • April 12, 2018 06:28

  On new servers, only TLS v1.2 is enabled as standard therefore you need to preferably ensure that your mail client supports and uses this protocol instead of the older SSL protocols which are now deemed to be insecure. Alternatively you can add support for older versions of TLS (v1.0 / 1.1) if needed by editing the mailserver configuation

  0
• 

  madnoob2

  • April 12, 2018 13:29

  Could you please provide me with the dovecot ssl settings as well as exim's ? I messed around with it, my dovecot looks like this : !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 And exim : +no_sslv2 +no_sslv3 Is that correct? I realized that all the clients will have to re-add their mails onto their client as something got messed up there during the transition.

  0
• 

  cPanelMichael

  • April 12, 2018 13:30

  Hello, As noted in the previous response, the system enables Transport Layer Security (TLS) protocol version 1.2 on new installations of cPanel & WHM starting with version 68. This is noted at: 68 Release Notes - Version 68 Documentation - cPanel Documentation Can you verify which Operating System and email client are you using when encountering this error message? Thank you.

  0
• 

  madnoob2

  • April 12, 2018 14:25

  Hi Michael, While I can confirm one, I can't confirm for other clients. My own phone that runs on iOS 8 (I know, outdated) had issues with the migration, but before that on our old host (v68 as well) everything worked fine. After the migration on new host it got messy, but removing the mail and adding it again in the client worked fine. Could you point me to default settings for dovecot + exim regarding the SSL settings?

  0
• 

  cPanelMichael

  • April 12, 2018 14:44

  My own phone that runs on iOS 8 (I know, outdated) had issues with the migration, but before that on our old host (v68 as well) everything worked fine.

  
  The TLS changes are only enabled by default on new installations of cPanel. Thus, if the previous server was updated to cPanel & WHM 68 from a previous server, the TLS changes would not have been enabled automatically.

  After the migration on new host it got messy, but removing the mail and adding it again in the client worked fine. Could you point me to default settings for dovecot + exim regarding the SSL settings?

  
  We provide these values at: How to Adjust Cipher Protocols - cPanel Knowledge Base - cPanel Documentation Thank you.

  0

Please sign in to leave a comment.