Unable to connect to Plesk mail server via an email client: TLS handshaking: SSL_accept() failed



1 comment

  • Avatar
    Virgil Turner

    Testing IMAP TLS/SSL using both https://testconnectivity.microsoft.com and latest version of Microsoft Outlook client fails to negotiate cryptographic connection with the following log:

    ### BEGIN LOG ENTRY ###
    imap-login: Disconnected: Connection Closed: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol (no auth attempts in 0 secs): user=<>, tip=, lip=, TLS handshaking: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol, session <sessionIDhere>
    ### END OF LOG ENTRY ###

    If I try to verify from a Linux machine using openssl on IMAP SSL port 993 then I get the expected LetsEncrypt certificates with expected CN names matching the domain, along wiht Dovecot welcome "* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5]"

    I have disabled OCSP Stapling as I read that this is not supported on Dovecot.
    When I run an SSL report at ssllabs.com I notice that the ONLY version of TLS supported by the certificate is TLS 1.3 (TLS 1.2 and below disabled, and SSL 3/2 both disabled.)
    The LetsEncrypt wildcard certificate is using an RSA 2048 bits key and SHA256withRSA signature. The TLS 1.3 ciphers supported are: TLS_AES_128_GCM_SHA256; TLS_AES_256_GCM_SHA384; TLS_CHACHA20_POLY1305_SHA256. 

    Any ideas for explanations/solutions?

    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request