docker-mailserver: latest build breaks ssl connections with Mac OS clients
Hey team,
New issue just came up with the latest build. Watchtower updates for me nightly at 1:00am and this time when the latest build came online it broke connection to mac OSX El Capitan (10.11) clients.
Once I reverted to the previous image, all is working again. Logs clearly show an “unsupported protocol” issue with the latest build. Here is the relevant output from /var/log/mail/mail.log from within the container:
Feb 26 10:00:21 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.5.48, lip=192.168.6.7, TLS handshaking: SSL_accept() failed: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol, session=<HP2TSCFmzcLAqAUw>
Feb 26 10:00:21 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.5.48, lip=192.168.6.7, TLS handshaking: SSL_accept() failed: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol, session=<axCUSCFmzsLAqAUw>
Feb 26 10:00:21 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.5.48, lip=192.168.6.7, TLS handshaking: SSL_accept() failed: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol, session=<AzyUSCFmz8LAqAUw>
Feb 26 10:00:21 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.5.48, lip=192.168.6.7, TLS handshaking: SSL_accept() failed: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol, session=<p1CUSCFm0MLAqAUw>
Feb 26 10:00:21 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.5.48, lip=192.168.6.7, TLS handshaking: SSL_accept() failed: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol, session=<qm6USCFm0cLAqAUw>
Feb 26 10:00:21 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.5.48, lip=192.168.6.7, TLS handshaking: SSL_accept() failed: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol, session=<fYyUSCFm0sLAqAUw>
Feb 26 10:00:21 mail postfix/postscreen[3558]: CONNECT from [192.168.5.48]:49881 to [192.168.6.7]:25
Feb 26 10:00:21 mail postfix/postscreen[3558]: CONNECT from [192.168.5.48]:49884 to [192.168.6.7]:25
Feb 26 10:00:21 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.5.48, lip=192.168.6.7, TLS handshaking: SSL_accept() failed: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol, session=<Z8aVSCFm3cLAqAUw>
Feb 26 10:00:21 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.5.48, lip=192.168.6.7, TLS handshaking: SSL_accept() failed: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol, session=<HuWVSCFm3sLAqAUw>
Feb 26 10:00:21 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.5.48, lip=192.168.6.7, TLS handshaking: SSL_accept() failed: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol, session=<RAOWSCFm38LAqAUw>
Feb 26 10:00:21 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.5.48, lip=192.168.6.7, TLS handshaking: SSL_accept() failed: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol, session=<zRyWSCFm4cLAqAUw>
Feb 26 10:00:21 mail postfix/submission/smtpd[3560]: connect from unknown[192.168.5.48]
Feb 26 10:00:21 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.5.48, lip=192.168.6.7, TLS handshaking: SSL_accept() failed: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol, session=<DT+WSCFm4sLAqAUw>
Feb 26 10:00:21 mail postfix/submission/smtpd[3560]: SSL_accept error from unknown[192.168.5.48]: -1
Feb 26 10:00:21 mail postfix/submission/smtpd[3560]: warning: TLS library problem: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:974:
Feb 26 10:00:21 mail postfix/submission/smtpd[3560]: lost connection after STARTTLS from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/submission/smtpd[3560]: disconnect from unknown[192.168.5.48] ehlo=1 starttls=0/1 commands=1/2
Feb 26 10:00:21 mail postfix/postscreen[3558]: CONNECT from [192.168.5.48]:49895 to [192.168.6.7]:25
Feb 26 10:00:21 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.5.48, lip=192.168.6.7, TLS handshaking: SSL_accept() failed: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol, session=<HGSWSCFm48LAqAUw>
Feb 26 10:00:21 mail postfix/dnsblog[3998]: warning: dnsblog_query: lookup error for DNS query 48.5.168.192.list.dnswl.org: Host or domain name not found. Name service error for name=48.5.168.192.list.dnswl.org type=A: Host not found, try again
Feb 26 10:00:21 mail postfix/postscreen[3558]: PASS OLD [192.168.5.48]:49881
Feb 26 10:00:21 mail postfix/postscreen[3558]: PASS OLD [192.168.5.48]:49884
Feb 26 10:00:21 mail postfix/postscreen[3558]: PASS OLD [192.168.5.48]:49895
Feb 26 10:00:21 mail postfix/smtpd[3593]: connect from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtpd[3594]: connect from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtpd[3593]: SSL_accept error from unknown[192.168.5.48]: -1
Feb 26 10:00:21 mail postfix/smtpd[3593]: warning: TLS library problem: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:974:
Feb 26 10:00:21 mail postfix/smtpd[3593]: lost connection after STARTTLS from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtpd[3593]: disconnect from unknown[192.168.5.48] ehlo=1 starttls=0/1 commands=1/2
Feb 26 10:00:21 mail postfix/smtpd[3594]: SSL_accept error from unknown[192.168.5.48]: -1
Feb 26 10:00:21 mail postfix/smtpd[3594]: warning: TLS library problem: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:974:
Feb 26 10:00:21 mail postfix/smtpd[3594]: lost connection after STARTTLS from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtpd[3594]: disconnect from unknown[192.168.5.48] ehlo=1 starttls=0/1 commands=1/2
Feb 26 10:00:21 mail postfix/smtpd[3595]: connect from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtpd[3595]: SSL_accept error from unknown[192.168.5.48]: -1
Feb 26 10:00:21 mail postfix/smtpd[3595]: warning: TLS library problem: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:974:
Feb 26 10:00:21 mail postfix/smtpd[3595]: lost connection after STARTTLS from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtpd[3595]: disconnect from unknown[192.168.5.48] ehlo=1 starttls=0/1 commands=1/2
Feb 26 10:00:21 mail postfix/submission/smtpd[3560]: connect from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/submission/smtpd[3560]: SSL_accept error from unknown[192.168.5.48]: -1
Feb 26 10:00:21 mail postfix/submission/smtpd[3560]: warning: TLS library problem: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:974:
Feb 26 10:00:21 mail postfix/submission/smtpd[3560]: lost connection after STARTTLS from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/submission/smtpd[3560]: disconnect from unknown[192.168.5.48] ehlo=1 starttls=0/1 commands=1/2
Feb 26 10:00:21 mail postfix/submission/smtpd[4003]: connect from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtps/smtpd[3597]: connect from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtps/smtpd[3597]: SSL_accept error from unknown[192.168.5.48]: -1
Feb 26 10:00:21 mail postfix/smtps/smtpd[3597]: warning: TLS library problem: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:974:
Feb 26 10:00:21 mail postfix/smtps/smtpd[3597]: lost connection after CONNECT from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtps/smtpd[3597]: disconnect from unknown[192.168.5.48] commands=0/0
Feb 26 10:00:21 mail postfix/smtps/smtpd[3596]: connect from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtps/smtpd[3596]: SSL_accept error from unknown[192.168.5.48]: -1
Feb 26 10:00:21 mail postfix/smtps/smtpd[3596]: warning: TLS library problem: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:974:
Feb 26 10:00:21 mail postfix/smtps/smtpd[3596]: lost connection after CONNECT from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtps/smtpd[3596]: disconnect from unknown[192.168.5.48] commands=0/0
Feb 26 10:00:21 mail postfix/submission/smtpd[4003]: SSL_accept error from unknown[192.168.5.48]: -1
Feb 26 10:00:21 mail postfix/submission/smtpd[4003]: warning: TLS library problem: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:974:
Feb 26 10:00:21 mail postfix/submission/smtpd[4003]: lost connection after STARTTLS from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/submission/smtpd[4003]: disconnect from unknown[192.168.5.48] ehlo=1 starttls=0/1 commands=1/2
Feb 26 10:00:21 mail postfix/smtps/smtpd[3597]: connect from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtps/smtpd[3597]: SSL_accept error from unknown[192.168.5.48]: -1
Feb 26 10:00:21 mail postfix/smtps/smtpd[3597]: warning: TLS library problem: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:974:
Feb 26 10:00:21 mail postfix/smtps/smtpd[3597]: lost connection after CONNECT from unknown[192.168.5.48]
Feb 26 10:00:21 mail postfix/smtps/smtpd[3597]: disconnect from unknown[192.168.5.48] commands=0/0
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Comments: 20 (15 by maintainers)
Hey, we have a new security ENV-variable “TLS_LEVEL” (see #831). The default value is “modern”- which Is not supported by OpenSSL 0.9.8. Only the neweset Mac OS X has a newer SSL-library (LibreSSL supports modern ciphers). In your case I suggest you set the env-variable to “intermediate”.