On 2/17/17 8:58 AM, Bastian Sebode wrote: > I uploaded two Wireshark tracefiles, further logs and dovecot -n
Looking at your dovecot -n, you're using two different files here: ssl_cert = </etc/ssl/sebode-online.de/chain.pem ssl_key = </etc/ssl/sebode-online.de/key.pem Are you sure these two files match, and contain the right things in the right order? We use a single PEM file as input for both of these parameters, and that PEM file contains, in this order: -----BEGIN RSA PRIVATE KEY----- ... -----BEGIN CERTIFICATE----- ... -----BEGIN CERTIFICATE----- ... where the first BEGIN CERTIFICATE is the specific hostname one, and the second BEGIN CERTIFICATE is the Let's Encrypt X3 intermediate certificate that ends with "DNFu0Qg==". You're also manually specifying these non-default parameters: ssl_cipher_list = ... ssl_prefer_server_ciphers = yes ssl_protocols = !SSLv2 !SSLv3 For testing, I would simplify. Does it work without any of those three things set? -- Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
