I'm subscribed now!
On 2020-04-06 13:47, Jan Kundrát wrote:
(All, please keep David in Cc, he's not subscribed to the list.)
Searching for a viable alternative to resource hungry Thunderbird or
orthodoxy-crippled claws, I stumbled on Trojita for Windows. I'd love to give it
a try, but when it tries to connect to my dovecot server, I get:
Hi David,
are you building yourself, or is this coming from our Windows build?
I'm asking because our Windows builds are done on a best-effort basis. We
relied on MinGW packages on Fedora/EPEL, and I have a feeling that these are
not well maintained :(. I think that nobody from the dev team really runs
Trojita on Windows on a daily basis (I know I don't).
Apr 06 03:26:22 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>,
rip=185.106.28.249, lip=10.3.69.135, TLS handshaking: SSL_accept() failed:
error:1402710B:SSL routines:ACCEPT_SR_CLNT_HELLO_C:wrong version number,
session=<EpHYspyi+jq5ahz5>
Yes, this looks like a mismatch in supported ciphers (or perhaps TLS
protocols?). You could try either relaxing the requirements on the server side
(while understanding the security implications, which might be tricky;
presumably there's a reason why your server likely rejects some ciphers), or building
Trojita yourself with an up-to-date OpenSSL.
It seems likely. I am running the following config with dovecot:
ssl = required
ssl_cert = </usr/local/etc/ssl/acme/blackrosetech.com/fullchain.pem
ssl_cipher_list = ALL:!ADH:!LOW:!EXP:!aNULL:+HIGH:!MEDIUM
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
I run LibreSSL on the server - it was part of a switch to LetsEncrypt (quite) a
few years ago. It is no longer necessary as the LetsEncrypt management engine
that required it is no longer supported, but it is a huge hassle to switch back
to OpenSSL.
The error reported on the Windows side is
The underlying socket is having troubles when processing connection to
mail.blackrostech.com:993: The remote host closed the connection.
Thanks,
-David
With kind regards,
Jan
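
An added example, not part of the thread and not code from Trojita or Dovecot: one way to test the "TLS protocols?" hypothesis is to capture the client's first record and check whether any version it offers meets the server's `ssl_min_protocol = TLSv1.2`. The function names and the `sample_hello` builder are hypothetical, and the sample records are constructed, not captures from David's client.

```python
import struct

# TLS protocol codes as they appear on the wire.
CODES = {"TLSv1": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303, "TLSv1.3": 0x0304}

def offered_versions(record: bytes) -> list:
    """Return the protocol versions a ClientHello record offers, highest first."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    hello = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        versions = [struct.unpack("!H", hello[:2])[0]]   # legacy client_version
        pos = 2 + 32                                     # skip version + random
        pos += 1 + hello[pos]                            # session_id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + hello[pos]                            # compression_methods
        end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(hello)):
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            data = hello[pos + 4:pos + 4 + ext_len]
            if ext_type == 43:                           # supported_versions
                listed = [int.from_bytes(data[i:i + 2], "big")
                          for i in range(1, 1 + data[0], 2)]
                # Drop GREASE placeholders (0x?A?A); the list overrides legacy.
                versions = [v for v in listed if (v & 0x0F0F) != 0x0A0A]
            pos += 4 + ext_len
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return sorted(versions, reverse=True)

def meets_minimum(record: bytes, ssl_min_protocol: str = "TLSv1.2") -> bool:
    """True if the client offers at least the server's minimum protocol."""
    versions = offered_versions(record)
    return bool(versions) and versions[0] >= CODES[ssl_min_protocol]

def sample_hello(legacy: int, supported: tuple = ()) -> bytes:
    """Constructed ClientHello for the demo (hypothetical helper)."""
    ext = b""
    if supported:
        vs = b"".join(struct.pack("!H", v) for v in supported)
        ext = struct.pack("!HHB", 43, len(vs) + 1, len(vs)) + vs
    hello = (struct.pack("!H", legacy) + bytes(32) + b"\x00"
             + struct.pack("!HH", 2, 0xC02F) + b"\x01\x00"
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A client whose hello tops out at TLSv1.1 fails `meets_minimum`, which points at the client's TLS library rather than the cipher list.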