- edited description
Dovecot fails imaps check on Ubuntu 20.04 (focal) with SSL connection error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Issue #944
duplicate
OS info
# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04.1 LTS Release: 20.04 Codename: focal
Dovecot SSL config (generated by https://ssl-config.mozilla.org)
ssl = required ssl_cert = </etc/letsencrypt/live/mail.conigliaro.org/fullchain.pem ssl_key = </etc/letsencrypt/live/mail.conigliaro.org/privkey.pem ssl_dh = </etc/postfix/dh2048.pem # intermediate configuration ssl_min_protocol = TLSv1.2 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl_prefer_server_ciphers = no
Monit config
check process dovecot with pidfile /var/run/dovecot/master.pid if failed port 143 protocol imaps then restart
Monit log
[UTC Oct 30 21:59:30] warning : 'dovecot' failed protocol test [IMAP] at [localhost]:143 [TCP/IP TLS] -- SSL connection error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Possibly related issues
Comments (8)
-
reporter
-
Hello Mike,
this is Monit 5.26.0 (?), are you sure.Do you have a look to the the TLS option used by the connection test, see https://mmonit.com/monit/documentation/monit.html#CONNECTION-TESTS for some more details.
You can set the used TLS via the option to TLSv1.2, see https://mmonit.com/monit/documentation/monit.html#SSL-OPTIONS.
A suggestion only,
Lutz -
reporter
Hi Lutz, thanks for the suggestions. FWIW, this is the version of monit that ships with Ubuntu 20.04:
# monit --version This is Monit version 5.26.0 Built with ssl, with ipv6, with compression, with pam and with large files Copyright (C) 2001-2019 Tildeslash Ltd. All Rights Reserved.
I added the following to my monitrc:
set ssl options { verify: enable }
Then I updated my check config:
if failed port 143 protocol imaps with tls options { version: tlsv12 } timeout 15 seconds for 3 cycles then restartSame error:
[UTC Oct 31 20:54:30] warning : 'dovecot' failed protocol test [IMAP] at [localhost]:143 [TCP/IP TLS] -- SSL connection error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
-
Hello Mike,
you point to the fix of your problem, I think, but the fix became available with Monit 5.27.0, see https://mmonit.com/monit/changes/.Switch to Monit 5.27.1 (see https://mmonit.com/monit/) to fix the problem.
Sorry,
Lutzp.s.
The distribution packages are not up to date in general and sometimes not well build. Try to use the Tildeslash Monit packages. -
reporter
OK, that makes sense. I think I got confused thinking this bug was fixed in 5.26.0. Thanks!
-
reporter
- changed status to resolved
Supposedly fixed in 5.27.0
-
Hello Mike,
you are right, your problem should fixed with 5.27.0 but the last/newest version is 5.27.1.With regards,
Lutz -
repo owner
- changed status to duplicate
Duplicate of
#908. - Log in to comment