• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue DEBIAN 12 OPENSSL 3.0 DOVECOT does not allow login

J

jsmithplesk

New Pleskian
Server operating system version
Debain 12
Plesk version and microupdate number
18.0.61.5
server is debian 12 running plesk with dovecot
when i try to log in to a mail account via webmail i get this error
Jun 30 17:43:36 hetzner2 dovecot: master: Dovecot v2.3.21 (47349e2482) starting up for imap, pop3, sieve (core dumps disabled)
Jun 30 17:44:21 hetzner2 dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:0A000180:SSL routines::bad value: section=system_default, cmd=MinProtocol, arg=TLSv1.0: user=<>, rip=::1, lip=::1, secured, session=<jWhIMR4c2sIAAAAAAAAAAAAAAAAAAAAB>
Jun 30 17:44:38 hetzner2 dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:0A000180:SSL routines::bad value: section=system_default, cmd=MinProtocol, arg=TLSv1.0: user=<>, rip=176.35.196.164, lip=136.243.44.183, session=<iEJKMh4ct+SwI8Sk>
my conf file file for 11-plesk-security-ssl.conf is
ssl = yes
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
ssl_dh = </opt/psa/etc/dhparams2048.pem

ssl_cipher_list=EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH:!EDH
ssl_prefer_server_ciphers=yes

can any one help me with what i am doing wrong ?
 
Hi! The error message shows us that Dovecot is having trouble initializing the SSL server context because of some issues with SSL-related configs (ssl_cert setting). The clue is "arg=TLSv1.0" - Debian 12 does not support TLS 1.0 and 1.1 since the OS/OpenSSL developers want better security.

Looks like the option "ssl_min_protocol=TLSv1.2" is missing in /etc/dovecot/conf.d/11-plesk-security-ssl.conf
Try to add it (simply on a new line) and reload the configuration (systemctl reload dovecot).

I've also noticed some people try to fix that by using TLS 1.0 or 1.1 (TLS 1.0 broken with newer Debian/OpenSSL) but I would not recommend that
 
You must log in or register to reply here.

Similar threads

J
Question Dovecot Error: auth-master: userdb list: User listing returned failure
Replies
3
Views
3K
solomongrundy5
S
S
Resolved Dovecot Broken After Latest Update
Replies
4
Views
2K
scpcomp
S
T
Issue SMTPD No Auth from IP Issue
Replies
2
Views
2K
Tessxr
T
O
Question Nginx compile by Plesk and chipers
Replies
6
Views
2K
IgorG
IgorG
B
Issue ERROR MAIL error:0A000102:SSL
Replies
1
Views
4K
Peter Debik
P
Back
Top