Re: [qmailtoaster] SSL Problem Dovecot

[Gary Bowling]

So this may be an issue of the tlsserverciphers file. Some times it's interesting not knowing what your doing! haha I guess the question I have is.. What is the proper tlsserverciphers for a qmailtoaster with a letsencrypt certificate. If that even makes sense. And what is the proper way to actually do it. I've read multiple things on various forums, including here. One says to do: echo "!EDH:!DHE:!RC4:!ADH:!DSS:HIGH:+AES128:+AES256-SHA256:+AES128-SHA256:+SHA:!3DES:!NULL:!aNULL:!eNULL" > /var/qmail/control/tlsserverciphers One says to do: openssl ciphers 'MEDIUM:HIGH:!SSLv2:!MD5:!RC4:!3DES' > /var/qmail/control/tlsserverciphers yet another says to create a sym link to the servercert.pem file. ln -sf /var/qmail/control/servercert.pem /var/qmail/control/tlsserverciphers I guess it has to do with how tight you want security to be and maybe tlsserverciphers can contain various forms of how to define that. Just looking for what "most" people would use for an up to date Centos 7 server. Thanks, Gary On 9/3/2019 11:04 AM, Gary Bowling wrote: I had to get a new cert for my server, which I installed yesterday. Now I'm having problems with certain clients logging in. I get the following error in the dovecot.log. TLS handshaking: SSL_accept() failed: error:1408A10B:SSL routines: ssl3_get_client_hello:wrong version number Any help would be appreciated. Thanks, Gary -- ____________________ Gary Bowling ____________________ --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com