> On 30/03/2020 22:11 Ben Mulvihill <ben.mulvih...@gmail.com> wrote: > > > I am trying to backup a gmail account (not the one I am writing from) > to dovecot, using doveadm-backup and imapc, but am having ssl > connection problems. > > ted@expectation:~# doveadm backup -D -R -u ted imapc: > dsync(ted): Info: imapc(imap.gmail.com:993): Connected to > 74.125.71.108:993 (local 10.7.1.179:53852) > dsync(ted): Warning: imapc(imap.gmail.com:993): Server disconnected > unexpectedly: SSL_connect() failed: error:14094410:SSL > routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert > number 40 - reconnecting (delay 0 ms) > dsync(ted): Info: imapc(imap.gmail.com:993): Connected to > 74.125.71.109:993 (local 10.7.1.179:59052) > dsync(ted): Error: imapc(imap.gmail.com:993): Server disconnected > unexpectedly: SSL_connect() failed: error:14094410:SSL > routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert > number 40 - disconnecting > dsync(ted): Error: User initialization failed: imapc: Login to > imap.gmail.com failed: Disconnected from serv > > > I am using dovecot version 2.2.33.2 on ubuntu, with the > configuration below. > I have also enabled "allow access from unsecure apps" in my > gmail settings. > > My first thought looking at the error messages was has that > perhaps doveadm-backup was trying to connect with ssl3, which > is no longer supported by gmail or anyone else nowadays. > But apparently the ssl3_read_bytes function in openssl also > handles tls, so the reference to ssl3 in the message is > misleading, and the real problem must be elsewhere. > > If anyone can help me debug this I'd be grateful. > > Many thanks, > Ben > > root@expectation:/etc/dovecot# doveconf -N > # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
Hi! This is very old version of dovecot so this could be a bug that has been fixed in more recent version. Can you verify that you have the required CA certs with openssl s_client -connect imap.gmail.com:993 -servername imap.gmail.com -CApath /etc/ssl/certs and make sure the cert gets validated by openssl. If it does, then you should probably consider upgrading to some more recent version. We provide packages at https://repo.dovecot.org if you are able to upgrade. Aki
