[ingo] TLS & Managesieve & dovecot

Ralf Lang lang at b1-systems.de
Thu Mar 10 09:19:30 UTC 2022


Hi Reinhard,

On 10.03.2022 at 10:08, Prößler, Reinhard wrote:
> Dear colleagues
>
> Currently I am setting up a Horde Groupware system on SuSE SLES 15.3 and OpenSuse
> 15.3, Horde Groupware is installed via PEAR.
>
> All works fine, Mail goes in and out, TLS IMAP is ok.
>
> Even Horde Ingo with connection to Dovecot managesieve works fine. With
> Plain authentication and without TLS.
>
> If I enable TLS in ingo/config/backend.local.php:
>
>     // Hostname of the timsieved server
>     'hostspec' => 'localhost',
>     // Login type of the server
>     'logintype' => 'PLAIN',
>     // Enable/disable TLS encryption
>     'usetls' => true,
>     // Port number of the timsieved server
>     'port' => 4190,
>     // Name of the sieve script
>     'scriptname' => 'ingo',
>     // Enable debugging. The sieve protocol communication is
>     // logged with the DEBUG level.
>     'debug' => true,
>
> Then it fails and I get an error:
>
> ###
>
> Mar 10 10:03:52 s0 HORDE[14191]: [ingo] PHP ERROR:
> stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL
> Error messages:
>
> Mar 10 10:03:52 s0 HORDE[14191]: error:1416F086:SSL
> routines:tls_process_server_certificate:certificate verify failed [pid 14191
> on line 1404 of "/usr/share/php7/PEAR/Net/Sieve.php"]
>
> Mar 10 10:03:52 s0 dovecot[15382]: managesieve-login: Disconnected:
> Connection closed: SSL_accept() failed: error:14094418:SSL
> routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48 (no
> auth attempts in 0 secs): user=<>, rip=::1, lip=::1, TLS handshaking:
> SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert
> unknown ca: SSL alert number 48, session=<2pFBftnZ1OAAAAAAAAAAAAAAAAAAAAAB>
>
Can you provide the output of

openssl s_client -connect <hostname>:<port>

run on the Horde VM connecting to the managesieve port on the sieve VM?

Possible issues:
- No common TLS version / cipher suite allowed between both parties
- Certificate CA not known to openssl


> -- 
> Ralf Lang
> Linux Consultant / Developer
> Tel.: +49-170-6381563
> Mail:lang at b1-systems.de
> B1 Systems GmbH
> Osterfeldstraße 7 / 85088 Vohburg /http://www.b1-systems.de
> GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
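
The following is an added example, not part of the original thread: a small shell function that reads `openssl s_client` output and reports which of the two possible issues named in the reply it points to. It assumes the output is captured with `-starttls sieve` (available in OpenSSL 1.1.1 and later); the host name is a placeholder and the sample outputs are constructed.

```shell
# Added example (not from the thread). Reads `openssl s_client` output on stdin
# and prints which cause it points to. Capture the output on the Horde host
# with (OpenSSL 1.1.1+; host name is a placeholder):
#   openssl s_client -connect sieve.example.org:4190 -starttls sieve </dev/null 2>&1
classify_s_client() {
    out=$(cat)
    # Server answered in plaintext: STARTTLS was not negotiated before the handshake.
    if printf '%s\n' "$out" | grep -q 'wrong version number'; then
        echo plaintext-reply; return 0
    fi
    # Handshake aborted before a cipher was agreed: no common version / cipher suite.
    if printf '%s\n' "$out" | grep -Eq 'no protocols available|alert protocol version|alert handshake failure|Cipher is \(NONE\)'; then
        echo no-common-tls; return 0
    fi
    # Handshake completed: the chain verification result decides.
    code=$(printf '%s\n' "$out" | sed -n 's/.*Verify return code: \([0-9][0-9]*\).*/\1/p' | tail -n 1)
    case $code in
        0)           echo ok ;;
        18|19|20|21) echo unknown-ca ;;      # self-signed or issuer not in the trust store
        '')          echo no-verify-line ;;
        *)           echo "verify-error-$code" ;;
    esac
}

# Constructed sample outputs (abridged, not taken from the poster's system).
sample_unknown_ca() {
    cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = localhost
verify error:num=20:unable to get local issuer certificate
verify error:num=21:unable to verify the first certificate
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 21 (unable to verify the first certificate)
EOF
}
sample_no_common_tls() {
    cat <<'EOF'
CONNECTED(00000003)
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
EOF
}

sample_unknown_ca | classify_s_client      # unknown-ca
sample_no_common_tls | classify_s_client   # no-common-tls
```

The failed-handshake check runs before the verify-code check because `s_client` still prints `Verify return code: 0 (ok)` when no certificate was ever received.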

