On Tue, 2020-03-31 at 09:06 +0300, Aki Tuomi wrote: > > > > On 30/03/2020 22:11 Ben Mulvihill <ben.mulvih...@gmail.com> wrote: > > > > > > I am trying to backup a gmail account (not the one I am writing > > from) > > to dovecot, using doveadm-backup and imapc, but am having ssl > > connection problems. > > > > ted@expectation:~# doveadm backup -D -R -u ted imapc: > > dsync(ted): Info: imapc(imap.gmail.com:993): Connected to > > 74.125.71.108:993 (local 10.7.1.179:53852) > > dsync(ted): Warning: imapc(imap.gmail.com:993): Server disconnected > > unexpectedly: SSL_connect() failed: error:14094410:SSL > > routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert > > number 40 - reconnecting (delay 0 ms) > > dsync(ted): Info: imapc(imap.gmail.com:993): Connected to > > 74.125.71.109:993 (local 10.7.1.179:59052) > > dsync(ted): Error: imapc(imap.gmail.com:993): Server disconnected > > unexpectedly: SSL_connect() failed: error:14094410:SSL > > routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert > > number 40 - disconnecting > > dsync(ted): Error: User initialization failed: imapc: Login to > > imap.gmail.com failed: Disconnected from serv > > > > > > I am using dovecot version 2.2.33.2 on ubuntu, with the > > configuration below. > > I have also enabled "allow access from unsecure apps" in my > > gmail settings. > > > > My first thought looking at the error messages was has that > > perhaps doveadm-backup was trying to connect with ssl3, which > > is no longer supported by gmail or anyone else nowadays. > > But apparently the ssl3_read_bytes function in openssl also > > handles tls, so the reference to ssl3 in the message is > > misleading, and the real problem must be elsewhere. > > > > If anyone can help me debug this I'd be grateful. > > > > Many thanks, > > Ben > > > > root@expectation:/etc/dovecot# doveconf -N > > # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf > Hi! > > This is very old version of dovecot so this could be a bug that has > been fixed in more recent version. > > Can you verify that you have the required CA certs with > > openssl s_client -connect imap.gmail.com:993 -servername > imap.gmail.com -CApath /etc/ssl/certs > > and make sure the cert gets validated by openssl. > > If it does, then you should probably consider upgrading to some more > recent version. We provide packages at https://repo.dovecot.org if > you are able to upgrade. > > Aki
Hi Aki! I checked the CA certificate and it was validated OK, so I followed your suggestion and installed dovecot version 2.3.10 from the dovecot repository (the version I was using previously was the latest available in my distribution). The ssl handshake now completes successfully. I have hit further problems later in the process, but I'll investigate myself first and then maybe post again with the details if I am still stuck. Thank you for your help! Ben
