On Fri, 09 Jan 2015 06:27:44 +0000, m...@ruggedinbox.com stated: > Hi all, when hardening dovecot against the POODLE vulnerability, > we followed the advise to disable SSL2 and SSL3 > but this is giving problems with some email clients (claws-mail). > > ssl_protocols = !SSLv2 !SSLv3 > > results in the following error: > > dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, > rip=XXX, lip=XXX, TLS handshaking: SSL_accept() failed: > error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher, > session=<2C8jBjIMmQBVGNd1> > > Since our mail stack is based on postfix, can you please suggest a > better 'ssl_protocols' and 'ssl_cipher_list' configuration ? > We are running Debian 7 Wheezy
I am running Postfix mail_version = 2.12-20141106 and Dovecot 2.2.15 with claws-mail 3.11.1 and have ssl_protocols = !SSLv2 !SSLv3 set in the 10-ssl.conf file. Unlike you, I am not experiencing any problems. Your problem must be in some setting you have configured in claws-mail. You should really check on their forum for an answer. -- Jerry
