Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

SSL Certificate Error from IMAP Server

  • 3 majibu
  • 2 wana tatizo hili
  • 1 view
  • Last reply by Matt

more options

I am investigating this problem in the Dovecot mailing list as well as here.

Hopefully, there are users out there who are familiar with that IMAP server

For years, I have been running the Dovecot/Thunderbird combination. However, I am preparing a new server and both applications have obviously changed. An SSL certificate seems to be the cause of the problem. My TB settings are:

IMAP: Connection Security: SSL/TLS Port: 993 Authentication Method: Normal Password

The specific error message produced by TB attempting to connect is this: dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42

Dovecot seems to be complaining about the lack of an SSL certificate (or defective) despite the fact that my settings are: auth_ssl_require_client_cert = no ssl_verify_client_cert = no

Those settings work fine in my old server.

When I use the command below under Linux, everything is fine: openssl s_client -connect dovecot-server:imaps

At this point I prefer not having an SSL certificate on the Thunderbird side.

TIA

I am investigating this problem in the Dovecot mailing list as well as here. Hopefully, there are users out there who are familiar with that IMAP server For years, I have been running the Dovecot/Thunderbird combination. However, I am preparing a new server and both applications have obviously changed. An SSL certificate seems to be the cause of the problem. My TB settings are: IMAP: Connection Security: SSL/TLS Port: 993 Authentication Method: Normal Password The specific error message produced by TB attempting to connect is this: dovecot: imap-login: Disconnected: TLS: SSL_read() failed: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 Dovecot seems to be complaining about the lack of an SSL certificate (or defective) despite the fact that my settings are: auth_ssl_require_client_cert = no ssl_verify_client_cert = no Those settings work fine in my old server. When I use the command below under Linux, everything is fine: openssl s_client -connect dovecot-server:imaps At this point I prefer not having an SSL certificate on the Thunderbird side. TIA

All Replies (3)

more options

Why set Tbird to use SSL/TLS connection security if you don't want a certificate involved?

more options

Stans said

Why set Tbird to use SSL/TLS connection security if you don't want a certificate involved?

Hi Stans:

I am attempting to have a minimum configuration (which worked fine for a long time) up&running. Dovecot allows fine-grained control. This is one the settings mentioned by the Dovecot expert:

protocol imap {

   ssl_verify_client_cert = yes
   auth_ssl_require_client_cert = no
   ssl = required

}

protocol submission {

   ssl_verify_client_cert = yes
   auth_ssl_require_client_cert = no
   ssl = required

}

Under some configuration, the server produces a certificate but the client does not. Presumably.

I will tighten the security settings later.

Thanks

Modified by Raymond H

more options

I think the clue here is you are using SSLV3 by the looks of the error you posted.

See https://support.mozilla.org/en-US/kb/thunderbird-78-faq#w_after-upgrading-to-thunderbird-78-i-cannot-get-or-send-email-messages

The minimum for encrypted connections is TLS V1.2