Try setting SECLEVEL=0, also 2.3 is not officially supported by us on Ubuntu 22, so if it does not work, you'll have to bug the package maintainers.
Aki > On 24/11/2022 12:31 EET Six002 <six...@protonmail.com> wrote: > > > Hello, > I have ubuntu 22.04, dovecot 2.3.16 and old email client (Outlook 2013) and > their dont support TLSv1_2. > In dovecot 10-ssl.conf i put: ssl_min_protocol = TLSv1, > in openssl.cnf i have: > openssl_conf = default_conf > [ default_conf ] > ssl_conf = ssl_section > [ssl_section] > system_default = ssl_default_sectq > [ssl_default_sect] > MinProtocol = TLSv1 > CipherString = DEFAULT:@SECLEVEL=1 > > but when i check openssl s_client -connect localhost:993 -tls1_1 > have output: > > CONNECTED(00000003) > 803BD26AC67F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while > reading:../ssl/record/rec_layer_s3.c:308: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 0 bytes and written 111 bytes > Verification: OK > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.1 > Cipher : 0000 > Session-ID: > Session-ID-ctx: > Master-Key: > PSK identity: None > PSK identity hint: None > SRP username: None > Start Time: 1668602712 > Timeout : 7200 (sec) > Verify return code: 0 (ok) > Extended master secret: no > --- > > version tls1_2 and 1_3 works fine. > What I doing wrong? > Thanks for help. >
