On 20/07/2019 13:12 Reio Remma via dovecot < [email protected]> wrote:
On 19.07.2019 0:24, Reio Remma via dovecot wrote:

I'm attempting to get Dovecot working with MySQL user database on another machine. I can connect to the MySQL (5.7.26) instance with SSL enabled:

mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem --ssl-cert=/etc/dovecot/client-cert.pem --ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA -u vmail -p

However if I use the same values in dovecot-sql.conf.ext, I get the following error:

Jul 19 00:20:18 turin dovecot: auth-worker(82996): Error: mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection error: protocol version mismatch - waiting for 1 seconds before retry
Jul 19 00:20:19 turin dovecot: auth-worker(82996): Error: mysql(db.mrst.ee): Connect failed to database (vmail): Connections using insecure transport are prohibited while --require_secure_transport=ON. - waiting for 5 seconds before retry

Database connection string:

connect = host=db.mrst.ee dbname=vmail user=vmail password=stuff \
ssl_ca=/etc/dovecot/ca.pem \
ssl_cert=/etc/dovecot/client-cert.pem \
ssl_key=/etc/dovecot/client-key.pem \
ssl_cipher=DHE-RSA-AES256-SHA

Update: I got it to connect successfully now after downgrading the MySQL server tls-version from TLSv1.1 to TLSv1.
Is there a reason why Dovecot MySQL doesn't support TLSv1.1?
Thanks!
Reio
Dovecot mysql uses libmysqlclient. We do not enforce any particular tls protocol version. If it requires you to downgrade I suggest you review your client my.cnf for any restrictions.
--- Aki Tuomi
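
Added example, not part of the original thread and not Dovecot or MySQL code: one way to carry out the review suggested above is to scan a client option file for settings that constrain the TLS handshake. It assumes the [client] group is the one read on the Dovecot host; the function names and the sample file contents are constructed for illustration.

```python
import re

# Client options (hyphens normalised to underscores) that constrain the TLS handshake.
TLS_OPTIONS = {"tls_version", "ssl_cipher", "ssl_mode"}

def tls_restrictions(option_text, groups=("client",)):
    """Return [(group, option, value)] for TLS settings found in the given groups."""
    found, group = [], None
    for raw in option_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop '#' comments
        if not line or line[0] in ";!":        # ';' comment or '!include' directive
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            group = header.group(1).strip().lower()
            continue
        if group not in groups:
            continue
        name, _, value = line.partition("=")
        name = name.strip().lower().replace("-", "_")
        if name in TLS_OPTIONS:
            found.append((group, name, value.strip().strip("'\"")))
    return found

def blocks_protocol(restrictions, protocol):
    """True if a tls_version list is present and does not include `protocol`."""
    for _, name, value in restrictions:
        if name == "tls_version":
            allowed = {p.strip().lower() for p in value.split(",")}
            if protocol.lower() not in allowed:
                return True
    return False

# Constructed sample (assumption, not from the thread): a client file pinning TLSv1.
SAMPLE_MY_CNF = """\
!includedir /etc/my.cnf.d
[mysqld]
tls-version = TLSv1.1
[client]
tls-version = TLSv1   # constructed value
ssl-cipher  = DHE-RSA-AES256-SHA
"""

if __name__ == "__main__":
    hits = tls_restrictions(SAMPLE_MY_CNF)
    for group, name, value in hits:
        print(f"[{group}] {name} = {value}")
    print("TLSv1.1 blocked by client config:", blocks_protocol(hits, "TLSv1.1"))
```

A client-side tls_version list that omits the protocol the server requires would produce the same kind of handshake failure as in the log above, so any hit here is worth comparing against the server's tls-version setting.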
