IMAP TLS connection to Dovecot fails

Friend of Kim asked:

Original title: IMAP connection to Dovecot fails only from Thunderbird

I have set up Dovecot with SSL (TLS) on port 993. I can connect with Outlook, PHP SMTP and Android Mail, however Thunderbird doesn’t connect. It says "Configuration could not be verified - is the username or password wrong?". The Dovecot error log shows this:

Jan 05 22:41:45 imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [1.2.3.4]
Jan 05 22:41:45 imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [1.2.3.4]
Jan 05 22:41:45 imap-login: Warning: SSL alert: where=0x4008, ret=598: fatal unknown [1.2.3.4]
Jan 05 22:41:45 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [1.2.3.4]
Jan 05 22:41:45 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client hello C [1.2.3.4]
Jan 05 22:41:45 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.2.3.4, lip=4.5.6.7, TLS handshaking: SSL_accept() failed: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback, session=<yDs4Z48DudCBhYne>

I have disabled SSLv2 and SSLv3 in 10-ssl.conf:

ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

What can the problem be? It works fine in all the other email clients I have tried, which is why this is a bit strange.

My answer:


The first thing I would do is update the client.

What is happening here is an attempted protocol downgrade. That is, the client is trying to downgrade from TLSv1 to SSLv3, or from any higher version of TLS to a lower version. (Exactly which is not clear from the logs, and would require more verbose OpenSSL debugging to be enabled, but that particular detail is not really relevant.)

The reason that the protocol downgrade is failing is that your server has protocol downgrade prevention (TLS_FALLBACK_SCSV) enabled, as a mitigation for the POODLE attack.
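To make the mechanism concrete, here is a small model of the server-side TLS_FALLBACK_SCSV check from RFC 7507, written for this post as an added example (it is not code from the original answer, from Dovecot or from OpenSSL). It is the rule behind the SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback error in the log: OpenSSL spots the signalling cipher suite while parsing the ClientHello cipher list and refuses the handshake when the offered version is below the best the server supports. The cipher values, version tuples and the attempt sequences in fallback_dance are constructed for illustration.

```python
# Added example, not from the original answer: a minimal model of the
# server-side TLS_FALLBACK_SCSV check from RFC 7507. All version numbers,
# cipher values and attempt sequences here are constructed for illustration.

TLS_FALLBACK_SCSV = 0x5600      # signalling cipher suite value (RFC 7507, section 2)
INAPPROPRIATE_FALLBACK = 86     # TLS alert description (RFC 7507, section 4)

# Wire-format protocol versions as (major, minor); tuples compare in order.
SSLV3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
NAMES = {SSLV3: "SSLv3", TLS10: "TLSv1", TLS11: "TLSv1.1", TLS12: "TLSv1.2"}

# Two ordinary suites a client might offer (constructed choice, values from RFC 5246).
ORDINARY_SUITES = [0x002F, 0x0035]   # TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA


def server_accepts(client_version, cipher_suites, server_max=TLS12):
    """RFC 7507, section 3: if the ClientHello carries TLS_FALLBACK_SCSV and
    client_version is lower than the highest version the server supports, the
    server aborts with an inappropriate_fallback alert.
    Returns (accepted, alert_description)."""
    if TLS_FALLBACK_SCSV in cipher_suites and client_version < server_max:
        return False, INAPPROPRIATE_FALLBACK
    return True, None


def fallback_dance(server_max, attempts, lost_first=False):
    """Simulate a legacy client's 'fallback dance': after a failed attempt it
    retries with the next lower version and adds the SCSV to signal that the
    lower offer is a fallback. lost_first models a first handshake that never
    completes (a dropped connection or a client bug). Returns a list of
    (version_name, accepted, alert) tuples, stopping at the first success."""
    outcomes = []
    for i, version in enumerate(attempts):
        if i == 0 and lost_first:
            outcomes.append((NAMES[version], None, None))  # no reply at all
            continue
        suites = ORDINARY_SUITES + ([TLS_FALLBACK_SCSV] if i > 0 else [])
        accepted, alert = server_accepts(version, suites, server_max)
        outcomes.append((NAMES[version], accepted, alert))
        if accepted:
            break
    return outcomes


if __name__ == "__main__":
    # Server supports up to TLSv1.2. The first try is lost, so the client
    # retries lower with the SCSV and every retry is refused: this is the
    # "inappropriate fallback" failure seen in the Dovecot log.
    for outcome in fallback_dance(TLS12, [TLS12, TLS11, TLS10], lost_first=True):
        print(outcome)
    # A server that genuinely tops out at TLSv1.1 accepts the same fallback,
    # because the client's offer then matches the server's best version.
    print(fallback_dance(TLS11, [TLS12, TLS11, TLS10], lost_first=True))
```

The point the simulation makes is that the server cannot distinguish a client that falls back because of a bug from one that falls back because something on the path interfered with the first handshake; both get refused, which is exactly why updating the client is the first fix and why the log alone cannot tell the two apart.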

So, the first thing to check is to make sure the client is up to date; that means at minimum Thunderbird and its supporting libraries.

After that I would check the protocol list. I’m concerned that you didn’t specify TLSv1, TLSv1.1 and TLSv1.2 explicitly. While this shouldn’t make a difference, as these ought to be enabled by default, it might help.

ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2

Finally, there’s the rare possibility that you caught someone attempting to attack your connection, and the attack was thwarted.
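Telling the common case (one outdated client) apart from the rare one (interference with the connection) is a matter of looking at how many sources trip the check and how often. The following triage script is an added example, not part of the original answer or of Dovecot: it parses the imap-login "Disconnected ... TLS handshaking" lines in the format shown in the question, extracts the remote IP and the OpenSSL failure reason, and counts refused downgrades per source. The log lines in SAMPLE_LOG are constructed for this example (192.0.2.0/24 documentation addresses, made-up session ids).

```python
# Added example, not from the original answer: triage of Dovecot imap-login
# TLS handshake failures. The log lines in SAMPLE_LOG are constructed.
import re
from collections import Counter

FALLBACK_REASON = "inappropriate fallback"   # OpenSSL's SSL_R_INAPPROPRIATE_FALLBACK text

# Matches Dovecot's imap-login disconnect line when the TLS handshake failed.
DISCONNECT_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) imap-login: Info: Disconnected .*?"
    r"rip=(?P<rip>[0-9A-Fa-f.:]+), lip=(?P<lip>[0-9A-Fa-f.:]+), "
    r"TLS handshaking: SSL_accept\(\) failed: error:(?P<code>[0-9A-Fa-f]{8}):"
    r"SSL routines:(?P<func>\w+):(?P<reason>[^,]+)"
)

SAMPLE_LOG = """\
Jan 05 22:41:45 imap-login: Warning: SSL alert: where=0x4008, ret=598: fatal unknown [192.0.2.10]
Jan 05 22:41:45 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=192.0.2.1, TLS handshaking: SSL_accept() failed: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback, session=<constructed01>
Jan 05 22:41:52 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=192.0.2.1, TLS handshaking: SSL_accept() failed: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback, session=<constructed02>
Jan 05 22:43:03 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.77, lip=192.0.2.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number, session=<constructed03>
Jan 05 22:45:10 imap-login: Info: Login: user=<alice>, method=PLAIN, rip=192.0.2.20, lip=192.0.2.1, TLS, session=<constructed04>
"""


def parse_handshake_failures(text):
    """Return one dict per failed-handshake disconnect line; other lines are ignored."""
    failures = []
    for line in text.splitlines():
        m = DISCONNECT_RE.match(line)
        if m:
            failures.append(m.groupdict())
    return failures


def fallback_refusals_by_source(failures):
    """Count inappropriate-fallback refusals per remote IP (rip)."""
    return Counter(f["rip"] for f in failures if f["reason"] == FALLBACK_REASON)


def other_failures(failures):
    """Count the remaining handshake failure reasons, for context."""
    return Counter(f["reason"] for f in failures if f["reason"] != FALLBACK_REASON)


if __name__ == "__main__":
    found = parse_handshake_failures(SAMPLE_LOG)
    refusals = fallback_refusals_by_source(found)
    print("downgrade attempts refused per source:", dict(refusals))
    print("other handshake failures:", dict(other_failures(found)))
    # One source retrying a few times is the outdated-client case from the
    # answer; the same reason from many unrelated sources, or from one source
    # at a high rate, is what would justify looking at the path instead.
    if len(refusals) == 1:
        print("single source: most likely an out-of-date client")
```

Run it against a real Dovecot log by replacing SAMPLE_LOG with the file contents; the regex only claims the disconnect line format visible in the question, so a different log_format or a newer OpenSSL error string may need the pattern adjusted.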


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.