Apple iPad cannot access IMAP via Dovecot -- SSL unsupported protocol
0 votes, 0 answers, 359 views
I have a mail server that has been running for quite some time. Most of my clients use non-Apple devices or are okay with web-clients. I am only now running into this roadblock, because a new client prefers using the Apple app to read email. They have an older iPad, which maxes out at iOS 9.3.5. Just found out this is rather old.
Will my setup run on a more modern iOS?
* When that older iOS device attempts an IMAP connection, I am getting the following errors.
```
Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error
Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol
Jan 8 17:59:40 host dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol (no auth attempts in 0 secs): user=, rip=x.x.x.x, lip=y.y.y.y, TLS handshaking: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol, session=
Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument
```
* With Roundcube and Outlook, here are the log results (similar for both) where client IMAP access works:
```
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write encrypted extensions
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write server certificate verify
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data
Jan 8 18:19:14 host dovecot: message repeated 2 times: [ imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data]
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSLv3/TLS write session ticket
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
Jan 8 18:19:14 host dovecot: imap-login: Login: user=, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=421260, TLS, session=
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write encrypted extensions
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write server certificate verify
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSLv3/TLS write session ticket
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL alert: close notify
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL alert: close notify
Jan 8 18:19:14 host dovecot: imap(user@domain.net): Disconnected: Logged out in=316 out=1699 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=250 body_count=0 body_bytes=0
```
Here is my setup
* Ubuntu 22.04.3 LTS
* Kernel 5.15.0-91-generic
* Dovecot 2.3.16 (7e2e900c1a)
* OpenSSL 3.0.2
* Certbot 2.8.0

Config Files
* SSL configuration:

```
$ cat /etc/dovecot/conf.d/10-ssl.conf
ssl = yes
verbose_ssl = yes
ssl_cert =
```
* Dovecot:

```
$ cat /etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service imap {
}
service pop3 {
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service auth-worker {
  user = vmail
}
service dict {
  unix_listener dict {
  }
}
```
SSL Labs Test Results
Overall A Rating. A few highlights from the Configuration section.

| Protocols | |
| --------- | --- |
| TLS1.3 | Yes |
| TLS1.2 | Yes |
| TLS1.1 | No |
| TLS1.0 | No |
| SSL 3 | No |
| SSL 2 | No |

| Cipher Suites - TLS 1.3 (server has no preference) | |
| ------------------------------------------------------------------------ | --- |
| TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS | 128 |
| TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS | 256 |
| TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS | 256 |

| Cipher Suites - TLS 1.2 (server has no preference) | |
| ------------------------------------------------------------------------------------------------- | --- |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ECDH secp521r1 (eq. 15360 bits RSA) FS 128 | 128 |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 | 256 |
| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 | 256 |
Asked by pollyPaul
(1 rep)
Jan 8, 2024, 07:08 PM
Last activity: Jan 9, 2024, 09:12 AM
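Added example (not part of the original post): a small decoder for the `where=`/`ret=` fields and the packed `error:0A000102` code that `verbose_ssl = yes` produces in the logs above. It relies on OpenSSL's info-callback bit values and the OpenSSL 3.x error-code layout; the function names are illustrative, and the two sample lines are copied from the failing session in the question.

```python
import re

# OpenSSL info-callback bits (ssl.h); Dovecot's verbose_ssl prints them as where=0x...
WHERE_BITS = {
    0x01: "LOOP", 0x02: "EXIT", 0x04: "READ", 0x08: "WRITE",
    0x10: "HANDSHAKE_START", 0x20: "HANDSHAKE_DONE",
    0x1000: "CONNECT", 0x2000: "ACCEPT", 0x4000: "ALERT",
}
# TLS alert descriptions (RFC 5246 / RFC 8446), subset relevant to handshake failures.
ALERTS = {0: "close_notify", 40: "handshake_failure", 70: "protocol_version",
          71: "insufficient_security", 80: "internal_error"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}

CB_RE = re.compile(r"SSL(?P<alert> alert)?: where=0x(?P<where>[0-9a-fA-F]+), ret=(?P<ret>-?\d+)")
ERR_RE = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):")

def decode_where(where):
    """Names of the info-callback bits set in `where`, lowest bit first."""
    return [name for bit, name in sorted(WHERE_BITS.items()) if where & bit]

def decode_openssl3_error(code):
    """Split an OpenSSL 3.x packed error code into (library, reason) numbers."""
    return (code >> 23) & 0xFF, code & 0x7FFFFF

def explain(line):
    """Describe one Dovecot SSL debug line as a dict, or None if it has no such fields."""
    m = CB_RE.search(line)
    if m:
        where, ret = int(m["where"], 16), int(m["ret"])
        out = {"where": decode_where(where)}
        if m["alert"]:  # in alert callbacks, ret packs (level << 8) | description
            out["alert"] = (ALERT_LEVELS.get(ret >> 8, "?"), ALERTS.get(ret & 0xFF, ret & 0xFF))
        return out
    m = ERR_RE.search(line)
    if m:
        lib, reason = decode_openssl3_error(int(m["code"], 16))
        return {"lib": lib, "reason": reason}
    return None

# Two lines copied from the failing iPad session in the question.
ALERT_LINE = "imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version"
ERROR_LINE = ("imap-login: Debug: SSL error: SSL_accept() failed: "
              "error:0A000102:SSL routines::unsupported protocol")

if __name__ == "__main__":
    for line in (ALERT_LINE, ERROR_LINE):
        print(explain(line))
```

Decoded, `where=0x4008` is an alert being written by the server and `ret=582` is a fatal `protocol_version` alert (level 2, description 70), while `0A000102` is library 20 (SSL) with reason 258 (unsupported protocol): the rejection happens on the Dovecot side when it reads the version offered by the client.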