When trying openssl s_client to port 143, I get: no peer certificate available -- No client certificate CA names sent Negotiated TLS1.3 group: <NULL> --- SSL handshake has read 5 bytes and written 1556 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Protocol: TLSv1.3 This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok)
Why there is no certificate present? Because dovecot refuse to present it since it thinks it is weak? Marek Odoslané pomocou bezpečného emailu Proton Mail. štvrtok 20. novembra 2025, 16:45, Marek Greško <[email protected]> napísal/a: > Hello, > > I added ca_file to the server section. I do not want clients to present > certificates, so I did not create the ssl client section you proposed. > > Any other suggestion? > > I still cannot imagine what could be the cause. > > Thanks > > Marek > > > > > Odoslané pomocou bezpečného emailu Proton Mail. > > > štvrtok 20. novembra 2025, 16:13, pgnd [email protected] napísal/a: > > > > after upgrading from Fedora 42 to Fedora 43 the dovecot got upgraded to > > > version 2.4. > > > > imo, a sloppy choice on their part, forcing the need to significantly > > change imap config at the same time as an OS upgrade, and 'breaking imap' > > for lots of folks. > > > > > Should the authority certificate be configured somewhere in dovecot? > > > > start with a thorough read of > > > > https://doc.dovecot.org/2.4.2/core/config/ssl.html > > > > if using self-signed certs, you'll end up with something similar to > > > > ssl = required > > ... > > ssl_server { > > ca_file = /path/to/your_CA.crt.pem > > cert_file = /path/to/your_domain.server.ec.crt.pem > > key_file = /path/to/your_domain.server.ec.key.pem > > ... > > } > > ssl_client { > > ca_file = /path/to/your_CA.crt.pem > > cert_file = /path/to/your_domain.client.ec.crt.pem > > key_file = /path/to/your_domain.client.ec.key.pem > > ... > > } _______________________________________________ dovecot mailing list -- [email protected] To unsubscribe send an email to [email protected]
