• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Dovecot: Wrong Version Number

tkalfaoglu

Silver Pleskian
I am seeing:

Jan 11 15:11:02 ocean dovecot[33614]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (no auth attempts in 0 secs): user=<>, rip=x.x.x.x, lip=x.x.x.x, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<gIrIWE3V9MwVY/k2>

in the maillogs.. How can I correct this problem?
I searched here and google, but did not see this "Wrong version number" error. mentioned.

Many thanks, -t
 
This essentially tells you that a client tried to connect with an unsupported TLS version.
Maybe your server only supports TLSv1.2 and TLSv1.3 but the client tried to connect with TLSv1 or TLSv1.1 or the other way round.

To see which TLS versions are configured on your Plesk server run this:
# plesk sbin sslmng --show-config

Then check the "dovecot" section.
 
Many thanks! It shows like this:

"dovecot": {
"certificate": true,
"ciphers": "EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:E
ECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!D
ES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH",
"cipher_server_order": true,
"cert": "/usr/local/psa/var/certificates/scf5WunPk",
"strong_dh": true,
"protocols": [
"TLSv1",
"TLSv1.1",
"TLSv1.2"
],
"dhparams_size": 2048
},
 
Many thanks, I read the article and yes, this is a Centos 8.5 machine so it supports the TLS 1.3. If my understanding is correct, I just need to do a:

# plesk bin server_pref -u -ssl-protocols 'TLSv1 TLSv1.1 TLSv1.2 TLSv1.3'

to ensure that it supports everything?
 
Back
Top