• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Dovecot: Wrong Version Number

tkalfaoglu

tkalfaoglu

Silver Pleskian
I am seeing:

Jan 11 15:11:02 ocean dovecot[33614]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (no auth attempts in 0 secs): user=<>, rip=x.x.x.x, lip=x.x.x.x, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<gIrIWE3V9MwVY/k2>

in the maillogs.. How can I correct this problem?
I searched here and google, but did not see this "Wrong version number" error. mentioned.

Many thanks, -t
 
This essentially tells you that a client tried to connect with an unsupported TLS version.
Maybe your server only supports TLSv1.2 and TLSv1.3 but the client tried to connect with TLSv1 or TLSv1.1 or the other way round.

To see which TLS versions are configured on your Plesk server run this:
# plesk sbin sslmng --show-config

Then check the "dovecot" section.
 
Many thanks! It shows like this:

"dovecot": {
"certificate": true,
"ciphers": "EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:E
ECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!D
ES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH",
"cipher_server_order": true,
"cert": "/usr/local/psa/var/certificates/scf5WunPk",
"strong_dh": true,
"protocols": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
],
"dhparams_size": 2048
},
 
Many thanks, I read the article and yes, this is a Centos 8.5 machine so it supports the TLS 1.3. If my understanding is correct, I just need to do a:

# plesk bin server_pref -u -ssl-protocols 'TLSv1 TLSv1.1 TLSv1.2 TLSv1.3'

to ensure that it supports everything?
 
You must log in or register to reply here.

Similar threads

Dork
Question Watchdog problem
Replies
3
Views
644
mow
M
B
Issue ERROR MAIL error:0A000102:SSL
Replies
1
Views
3K
Peter Debik
P
J
Issue DEBIAN 12 OPENSSL 3.0 DOVECOT does not allow login
Replies
1
Views
640
Yaroslav_T
Yaroslav_T
Endre
Issue Unable to access the remote backup storage using SFTP
Replies
6
Views
2K
Endre
Endre
O
Question Mail Log / Dovecot
Replies
0
Views
966
othmaqsa
O
Back
Top