Bug 1836522
| Summary: | imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate: error:1418708B:SSL routines:ssl_do_config:unknown command | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Prem Słaby <przemub> |
| Component: | dovecot | Assignee: | Michal Hlavinka <mhlavink> |
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE - Apps <qe-baseos-apps> |
| Severity: | high | Priority: | unspecified |
| Version: | 8.4 | Target Milestone: | rc |
| Target Release: | 8.0 | Hardware: | x86_64 |
| OS: | Linux | | |
| Last Closed: | 2020-09-23 10:51:49 UTC | Type: | Bug |

This is a regression - yum downgrade dovecot-2.2.36-10.el8.x86_64 fixes the issue.

*** This bug has been marked as a duplicate of bug 1847697 ***

Description of problem:

STARTTLS command issued to IMAP server fails with the following logs:

```
May 16 15:30:44 prem dovecot[2664]: master: Dovecot v2.3.8 (9df20d2db) starting up for imap, pop3, lmtp
May 16 15:30:44 prem postfix/master[2691]: daemon started -- version 3.3.1, configuration /etc/postfix
May 16 15:30:48 prem dovecot[2690]: imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate: error:1418708B:SSL routines:ssl_do_config:unknown command: section=system_default, cmd=@SECLEVEL, arg=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8: user=<>, rip=192.168.1.100, lip=192.168.1.202, session=<m+6gxsSlCMLAqAFk>
May 16 15:30:48 prem dovecot[2690]: imap-login: Disconnected: TLS initialization failed. (no auth attempts in 3 secs): user=<>, rip=192.168.1.100, lip=192.168.1.202, session=<m+6gxsSlCMLAqAFk>
```

Version-Release number of selected component (if applicable):

2.3.8 (9df20d2db)

How reproducible:

I am not sure. I use a LetsEncrypt-issued certificate.

Steps to Reproduce:

Changes to doveconf as output by dovecot -n:

```
# 2.3.8 (9df20d2db): /etc/dovecot/dovecot.conf
# OS: Linux 4.18.0-193.1.2.el8_2.x86_64 x86_64 Red Hat Enterprise Linux release 8.2 (Ootpa)
# Hostname: prem.moe
first_valid_uid = 1000
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = </etc/letsencrypt/live/1mi.pl/fullchain.pem
ssl_cipher_list = PROFILE=SYSTEM
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}
```

Actual results:

SSL initialization fails, and so does the login.

Expected results:

SSL initializes.