• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Please beaware of a breaking change in the REST API on the current Plesk release (18.0.62).
    Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Read more here

Issue DEBIAN 12 OPENSSL 3.0 DOVECOT does not allow login

J

jsmithplesk

New Pleskian
Server operating system version
Debain 12
Plesk version and microupdate number
18.0.61.5
server is debian 12 running plesk with dovecot
when i try to log in to a mail account via webmail i get this error
Jun 30 17:43:36 hetzner2 dovecot: master: Dovecot v2.3.21 (47349e2482) starting up for imap, pop3, sieve (core dumps disabled)
Jun 30 17:44:21 hetzner2 dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:0A000180:SSL routines::bad value: section=system_default, cmd=MinProtocol, arg=TLSv1.0: user=<>, rip=::1, lip=::1, secured, session=<jWhIMR4c2sIAAAAAAAAAAAAAAAAAAAAB>
Jun 30 17:44:38 hetzner2 dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:0A000180:SSL routines::bad value: section=system_default, cmd=MinProtocol, arg=TLSv1.0: user=<>, rip=176.35.196.164, lip=136.243.44.183, session=<iEJKMh4ct+SwI8Sk>
my conf file file for 11-plesk-security-ssl.conf is
ssl = yes
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
ssl_dh = </opt/psa/etc/dhparams2048.pem

ssl_cipher_list=EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH:!EDH
ssl_prefer_server_ciphers=yes

can any one help me with what i am doing wrong ?
 
Hi! The error message shows us that Dovecot is having trouble initializing the SSL server context because of some issues with SSL-related configs (ssl_cert setting). The clue is "arg=TLSv1.0" - Debian 12 does not support TLS 1.0 and 1.1 since the OS/OpenSSL developers want better security.

Looks like the option "ssl_min_protocol=TLSv1.2" is missing in /etc/dovecot/conf.d/11-plesk-security-ssl.conf
Try to add it (simply on a new line) and reload the configuration (systemctl reload dovecot).

I've also noticed some people try to fix that by using TLS 1.0 or 1.1 (TLS 1.0 broken with newer Debian/OpenSSL) but I would not recommend that
 
You must log in or register to reply here.

Similar threads

J
Question Dovecot Error: auth-master: userdb list: User listing returned failure
Replies
2
Views
2K
Jadek
J
T
Issue SMTPD No Auth from IP Issue
Replies
2
Views
1K
Tessxr
T
L
Resolved IMAP not working with STARTTLS or SSL/TLS Mailserver Dovecot Problem
Replies
3
Views
3K
lberens
L
C
Question SSLv3 Error on Dovecot
Replies
5
Views
6K
mow
M
V
Question Why is PCI DSS compliant Dovecot configuration setting ssl_prefer_server_ciphers to no?
Replies
2
Views
2K
IgorG
IgorG
Back
Top