Hi,

today I changed my SSL certificates to "sha256WithRSAEncryption", because Thunderbird started complaining about my old SHA1 certificates. ;)

One pop3s client (it's a kind of Java-based mailgate) causes a lot of these errors, not at each connect, but on about two of 140 mailbox connects within 5 minutes:

mail log:
----------
May 20 23:14:02 mailserv cyrus/pop3s[17825]: accepted connection
May 20 23:14:02 mailserv cyrus/pop3s[17825]: SSL_accept() incomplete -> wait
May 20 23:14:02 mailserv cyrus/pop3s[17825]: sslv3 alert certificate unknown in SSL_accept() -> fail
May 20 23:14:02 mailserv cyrus/pop3s[17825]: pop3s failed: ppp-xx-xx-xx-xx.domain.de [xx.xx.xx.xx]
May 20 23:14:02 mailserv cyrus/pop3s[17825]: Fatal error: tls_start_servertls() failed
May 20 23:14:02 mailserv cyrus/pop3s[17825]: counts: retr=<0> top=<0> dele=<0>
----------

error log:
----------
May 20 23:12:07 mailserv cyrus/pop3s[17838]: Fatal error: tls_start_servertls() failed
----------

If I check pop3s with my Thunderbird or other clients, everything is fine. An SSL checker, e.g. on https://decoder.link/sslchecker, doesn't show any errors, and it's only this one pop3 client which causes this error.

I didn't change anything in imap.conf, apart from replacing the cert files and reloading imapd:

tls_cert_file
tls_key_file
tls_ca_file

tls_cipher_list is unchanged:

tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH

Is the client sending a client certificate which my server doesn't like? But I don't ask for any client certificates.

System: cyrus 2.4.12

Ciao
Marcus