Author Topic: Roundcube docker - TLS handshaking failed [SOLVED]  (Read 709 times)

Offline dave08

  • Jr. Member
  • **
  • Posts: 11
Roundcube docker - TLS handshaking failed [SOLVED]
« on: December 23, 2020, 06:33:52 AM »
Hello.
On the same server I can log into the imap server if using roundcube 1.2.12 LTS, but when using the docker container I get " TLS handshaking: SSL_accept() failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number 40"

I checked both config.inc.php and both have $config['cipher_method'] = 'DES-EDE3-CBC';
so aparently I'm using the same configuration but authentication fails when using the docker version of Roundcubemail.
Any ideas why?
Thanks and Merry Christmas.
« Last Edit: December 31, 2020, 11:42:41 AM by dave08 »

Offline dave08

  • Jr. Member
  • **
  • Posts: 11
Re: Roundcube docker - TLS handshaking failed
« Reply #1 on: December 23, 2020, 10:36:29 AM »
When using Roundcubemail-1.2.12 LTS, the system is using PHP 5.4...which is different from the one used in the docker.
My imap server is configured not to accept SSLv2 and SSLv3.

I was trying to pass some parameters such as "TLS1, TLSv1, TLSv2" to the "ciphers" config option in imap_conn_options, but nothing seems to work.

From de roundcubemail docker terminal I type  openssl s_client -connect my.ip:993 -tls1 (tls1_1 and tls1_2) and I get the exact same error on my imap server:
" TLS handshaking: SSL_accept() failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number 40"
 

Thanks

« Last Edit: December 23, 2020, 11:20:04 AM by dave08 »

Offline dave08

  • Jr. Member
  • **
  • Posts: 11
Re: Roundcube docker - TLS handshaking failed
« Reply #2 on: December 31, 2020, 09:22:16 AM »
When using Roundcubemail-1.2.12 LTS, the system is using PHP 5.4...which is different from the one used in the docker.
My imap server is configured not to accept SSLv2 and SSLv3.

I was trying to pass some parameters such as "TLS1, TLSv1, TLSv2" to the "ciphers" config option in imap_conn_options, but nothing seems to work.

From de roundcubemail docker terminal I type  openssl s_client -connect my.ip:993 -tls1 (tls1_1 and tls1_2) and I get the exact same error on my imap server:
" TLS handshaking: SSL_accept() failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number 40"
 

Thanks

first error solved by setting verify_peer => flase in config.inc.php

Now I get:

From the Roundcubemail docker console I get:
PHP Warning:  stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:141A318A:SSL routines:tls_process_ske_dhe:dh key too small in /var/www/html/program/lib/Roundcube/rcube_imap_generic.php on line 1025

Is there any option I can put in config.inc.php to overcome this?
This server is pretty secure and accepts only TLS, and has a 2048 bits key, so I don't know what the problem might be.
Thanks!

Offline dave08

  • Jr. Member
  • **
  • Posts: 11
Re: Roundcube docker - TLS handshaking failed [SOLVED]
« Reply #3 on: December 31, 2020, 11:42:16 AM »

How I managed to login:

  • Edited running RoundCubemail docker.
    Installed "vim" editor
    modified /etc/ssl/openssl.cnf and replaced SECLEVEL=2 with SECLEVEL=1
    exit container and applied changes.
    Now I start the modified container and can login.
Thanks anyway.