[ingo] TLS & Managesieve & dovecot

Prößler, Reinhard reinhard.proessler at uni-hamburg.de
Thu Mar 10 10:17:01 UTC 2022


Hello Ralf

 

Yes, and I will look deeper into the result.

 

# openssl s_client -connect localhost:4190
CONNECTED(00000003)
139667961669440:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 293 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

 

Kind regards

Reinhard Prößler

Universitaet Hamburg
Regionales Rechenzentrum
Basis Infrastruktur (BIN)
Schlueterstrasse 70
D-20146 Hamburg

Tel: +4940 42838 7121

From: Ralf Lang <lang at b1-systems.de>
Sent: Thursday, 10 March 2022 10:20
To: Prößler, Reinhard <reinhard.proessler at uni-hamburg.de>; ingo at lists.horde.org
Subject: Re: [ingo] TLS & Managesieve & dovecot

 

Hi Reinhard,

On 10.03.2022 at 10:08, Prößler, Reinhard wrote:

Dear colleagues

Currently I am setting up a Horde Groupware system on SUSE SLES 15.3 and openSUSE
15.3. Horde Groupware is installed via PEAR.

All works fine, mail goes in and out, TLS IMAP is OK.

Even Horde Ingo with connection to Dovecot managesieve works fine. With
Plain authentication and without TLS.
 
 
 
If I enable TLS in ingo/config/backend.local.php:
 
 
 
                // Hostname of the timsieved server
                'hostspec' => 'localhost',
                // Login type of the server
                'logintype' => 'PLAIN',
                // Enable/disable TLS encryption
                'usetls' => true,
                // Port number of the timsieved server
                'port' => 4190,
                // Name of the sieve script
                'scriptname' => 'ingo',
                // Enable debugging. The sieve protocol communication is
                // logged with the DEBUG level.
                'debug' => true,
 
 
 
Then it fails and I get an error:
 
###
 
Mar 10 10:03:52 s0 HORDE[14191]: [ingo] PHP ERROR: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:

Mar 10 10:03:52 s0 HORDE[14191]: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [pid 14191 on line 1404 of "/usr/share/php7/PEAR/Net/Sieve.php"]

Mar 10 10:03:52 s0 dovecot[15382]: managesieve-login: Disconnected: Connection closed: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48 (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session=<2pFBftnZ1OAAAAAAAAAAAAAAAAAAAAAB>
 

Can you provide the output of

openssl s_client -connect <hostname>:<port>

run on the Horde VM connecting to the managesieve port on the sieve VM?

Possible issues:
- No common TLS version / cipher suite allowed between both parties
- Certificate CA not known to openssl

 

-- 
Ralf Lang
Linux Consultant / Developer
Tel.: +49-170-6381563
Mail: lang at b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
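
Added example (not part of the original messages, and not Horde or Dovecot code): the s_client run above started a TLS handshake immediately, but ManageSieve on port 4190 begins in plaintext and upgrades via STARTTLS, so "wrong version number" after 5 bytes read says nothing about the certificate or its CA. This Python probe reads the greeting, issues STARTTLS, then performs a verifying handshake. The function names and the cafile parameter are assumptions for illustration, and only quoted-string capabilities are parsed.

```python
import socket
import ssl

def read_response(sock):
    """Read CRLF lines until the OK/NO/BYE status line; return (status, data_lines)."""
    lines, line = [], b""
    while True:
        byte = sock.recv(1)  # byte-wise so nothing past the status line is consumed
        if not byte:
            raise ConnectionError("server closed the connection mid-response")
        line += byte
        if not line.endswith(b"\r\n"):
            continue
        text, line = line[:-2].decode("utf-8", "replace"), b""
        status = text.split(" ", 1)[0].upper()
        if status in ("OK", "NO", "BYE"):
            return status, lines
        lines.append(text)

def capabilities(lines):
    """Names of quoted capabilities, e.g. '"STARTTLS"' -> 'STARTTLS' (literals not handled)."""
    return {l.split('"')[1].upper() for l in lines if l.startswith('"')}

def negotiate(sock, ctx, hostname):
    """Run greeting -> STARTTLS -> verified handshake on an already connected socket."""
    status, lines = read_response(sock)  # the plaintext greeting a direct TLS client trips over
    if status != "OK" or "STARTTLS" not in capabilities(lines):
        return {"starttls": False, "verified": False, "detail": "STARTTLS not offered"}
    sock.sendall(b"STARTTLS\r\n")
    status, _ = read_response(sock)
    if status != "OK":
        return {"starttls": False, "verified": False, "detail": "STARTTLS refused"}
    try:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return {"starttls": True, "verified": True, "detail": tls.version()}
    except ssl.SSLCertVerificationError as exc:  # e.g. issuing CA missing from the trust store
        return {"starttls": True, "verified": False, "detail": exc.verify_message}

def probe(host, port=4190, cafile=None, timeout=10):
    """cafile: PEM bundle holding the CA of the Dovecot certificate (None = system store)."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return negotiate(sock, ctx, host)

if __name__ == "__main__":
    print(probe("localhost"))  # host and port as in the thread; run on the Horde machine
```

With OpenSSL 1.1.1 or later, openssl s_client -starttls sieve -connect localhost:4190 performs the same upgrade from the command line.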
