[ingo] TLS & Managesieve & dovecot

Prößler, Reinhard reinhard.proessler at uni-hamburg.de
Thu Mar 10 10:17:01 UTC 2022

Hello Ralf


Yes, and I will look deeper into the result.


# openssl s_client -connect localhost:4190

139667961669440:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 5 bytes and written 293 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)


Kind regards


Reinhard Prößler


Universitaet Hamburg

Regionales Rechenzentrum

Basis Infrastruktur (BIN)

Schlueterstrasse 70

D-20146 Hamburg


Tel: +4940 42838 7121


From: Ralf Lang <lang at b1-systems.de>
Sent: Thursday, 10 March 2022 10:20
To: Prößler, Reinhard <reinhard.proessler at uni-hamburg.de>; ingo at lists.horde.org
Subject: Re: [ingo] TLS & Managesieve & dovecot


Hi Reinhard,

On 10.03.2022 at 10:08, Prößler, Reinhard wrote:

Dear colleagues,
Currently I am setting up a Horde Groupware system on SUSE SLES 15.3 and openSUSE
15.3; Horde Groupware is installed via PEAR.
All works fine: mail goes in and out, TLS IMAP is OK.
Even Horde Ingo with a connection to Dovecot managesieve works fine, with
PLAIN authentication and without TLS.
If I enable TLS in ingo/config/backend.local.php:
                // Hostname of the timsieved server
                'hostspec' => 'localhost',
                // Login type of the server
                'logintype' => 'PLAIN',
                // Enable/disable TLS encryption
                'usetls' => true,
                // Port number of the timsieved server
                'port' => 4190,
                // Name of the sieve script
                'scriptname' => 'ingo',
                // Enable debugging. The sieve protocol communication is
                // logged with the DEBUG level.
                'debug' => true,
Then it fails and I get an error:
Mar 10 10:03:52 s0 HORDE[14191]: [ingo] PHP ERROR:
stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL
Error messages:
Mar 10 10:03:52 s0 HORDE[14191]: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed [pid 14191
on line 1404 of "/usr/share/php7/PEAR/Net/Sieve.php"]
Mar 10 10:03:52 s0 dovecot[15382]: managesieve-login: Disconnected:
Connection closed: SSL_accept() failed: error:14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48 (no
auth attempts in 0 secs): user=<>, rip=::1, lip=::1, TLS handshaking:
SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert
unknown ca: SSL alert number 48, session=<2pFBftnZ1OAAAAAAAAAAAAAAAAAAAAAB>

Can you provide the output of

openssl s_client -connect <hostname>:<port>

run on the Horde VM connecting to the managesieve port on the sieve VM?

Possible issues:
- No common TLS version / cipher suite allowed between both parties
- Certificate CA not known to openssl


Ralf Lang
Linux Consultant / Developer
Tel.: +49-170-6381563
Mail: lang at b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
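
An added example, not part of the thread: ManageSieve (RFC 5804) sends a cleartext capability greeting and only switches to TLS after STARTTLS, so a handshake test on port 4190 has to speak that first (recent OpenSSL versions accept `s_client -starttls sieve` for this). The Python below does the STARTTLS step and then a verified handshake, reporting certificate failures separately; `check_sieve_tls`, `SAMPLE_GREETING` and the other names are hypothetical, and the greeting is a constructed sample.

```python
import socket, ssl

# Constructed sample of a ManageSieve greeting (not captured from the thread).
SAMPLE_GREETING = (b'"IMPLEMENTATION" "Example Sieve Server"\r\n'
                   b'"SASL" ""\r\n"STARTTLS"\r\nOK "ready"\r\n')

def is_tls_record_header(b):
    """TLS records begin with content type 20-23 followed by major version 3."""
    return len(b) >= 3 and 20 <= b[0] <= 23 and b[1] == 3

def read_response(rfile):
    """Read lines up to the OK/NO/BYE status line (no literal-string support)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        lines.append(raw.decode("utf-8", "replace").rstrip("\r\n"))
        if lines[-1].split(" ", 1)[0].upper() in ("OK", "NO", "BYE"):
            return lines

def advertises_starttls(lines):
    """True if the capability list contains the "STARTTLS" item."""
    return any(l.strip().upper().startswith('"STARTTLS"') for l in lines)

def check_sieve_tls(host, port=4190, cafile=None, timeout=10):
    """STARTTLS, then a verified handshake; returns (ok, detail)."""
    ctx = ssl.create_default_context(cafile=cafile)  # chain + hostname checks on
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rfile = sock.makefile("rb", buffering=0)  # unbuffered: no read-ahead
        if not advertises_starttls(read_response(rfile)):
            return False, "server does not advertise STARTTLS"
        sock.sendall(b"STARTTLS\r\n")
        status = read_response(rfile)[-1]
        rfile.close()
        if not status.upper().startswith("OK"):
            return False, "STARTTLS refused: " + status
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, "%s %s" % (tls.version(), tls.cipher()[0])
        except ssl.SSLCertVerificationError as e:
            return False, "certificate verify failed: " + e.verify_message
        except ssl.SSLError as e:
            return False, "handshake failed: " + str(e)

if __name__ == "__main__":
    print(check_sieve_tls("localhost"))
```

Pass as `host` the same name the client is configured with, since the default context checks the hostname as well as the chain; `cafile` can point at the CA bundle that is expected to validate the server certificate.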
