[BlueOnyx:15941] Re: Dovecot error after latest Update on 5208R

Tobias Gablunsky t.gablunsky at cbxnet.de
Wed Sep 10 08:58:54 -05 2014 

I put an old config file back in place. Now it works again with these clients.

Here is the diff between the old and the new /etc/dovecot/conf.d/10-ssl.conf:

[root at elf conf.d]# diff 10-ssl.conf 10-ssl.conf.bak
6c6
< #ssl = yes
---
> ssl = yes
28c28
< #ssl_verify_client_cert = no
---
> ssl_verify_client_cert = no
38c38
< #ssl_parameters_regenerate = 168
---
> ssl_parameters_regenerate = 168
41c41,44
< #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
---
> ssl_cipher_list = 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
> #ssl_prefer_server_ciphers = yes

So it seems the Outlook version would like to use a weak ciper algorithm. Which I dont understand because the version seems to be up-to-date (at least there was an update for it on the end of june)..

Regards,

Tobias



> -----Original Message-----
> From: blueonyx-bounces at mail.blueonyx.it [mailto:blueonyx-
> bounces at mail.blueonyx.it] On Behalf Of Tobias Gablunsky
> Sent: Wednesday, September 10, 2014 2:06 PM
> To: BlueOnyx General Mailing List
> Subject: [BlueOnyx:15939] Dovecot error after latest Update on 5208R
> 
> Hello all,
> 
> today I installed a bunch of updates on an BO 5208R system:
> 
> Sep 10 12:03:50 Updated: base-email-locale-it_IT-1.6.0-0BX19.el6.noarch
> Sep 10 12:03:50 Updated: base-email-locale-en_US-1.6.0-0BX19.el6.noarch
> Sep 10 12:03:50 Updated: base-email-locale-da_DK-1.6.0-0BX19.el6.noarch
> Sep 10 12:03:52 Updated: kernel-firmware-2.6.32-431.29.2.el6.noarch
> Sep 10 12:03:52 Updated: base-email-locale-nl_NL-1.6.0-0BX19.el6.noarch
> Sep 10 12:03:52 Updated: base-email-locale-fr_FR-1.6.0-0BX19.el6.noarch
> Sep 10 12:03:52 Updated: base-email-locale-es_ES-1.6.0-0BX19.el6.noarch
> Sep 10 12:03:52 Updated: base-email-locale-pt_PT-1.6.0-0BX19.el6.noarch
> Sep 10 12:03:54 Updated: base-email-glue-1.6.0-0BX19.el6.noarch
> Sep 10 12:03:55 Updated: base-email-ui-1.6.0-0BX19.el6.noarch
> Sep 10 12:03:55 Updated: base-email-locale-ja_JP-1.6.0-0BX19.el6.noarch
> Sep 10 12:03:55 Updated: base-email-locale-de_DE-1.6.0-0BX19.el6.noarch
> Sep 10 12:03:56 Updated: base-blueonyx-glue-5208R-
> 4.20140909BX03.el6.noarch
> Sep 10 12:03:56 Updated: base-email-capstone-1.6.0-0BX19.el6.noarch
> Sep 10 12:03:56 Updated: base-blueonyx-capstone-5208R-
> 4.20140909BX03.el6.noarch
> Sep 10 12:04:01 Installed: kernel-2.6.32-431.29.2.el6.x86_64
> Sep 10 12:04:02 Updated: kernel-headers-2.6.32-431.29.2.el6.x86_64
> 
> One of these seems to have broken the compatibility to Outlook-Clients (at
> least for Outlook 14.4.3 for MacOS). This is the error that gets logged in
> the maillog:
> 
> TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL
> routines:SSL3_GET_CLIENT_HELLO:no shared cipher
> 
> Any help is greatly appreciated.
> 
> Thanks,
> 
> Tobias
> 
> 
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list