Author Topic: TLS Handshake Error  (Read 85 times)

Offline quwax

  • Jr. Member
  • **
  • Posts: 24
TLS Handshake Error
« on: November 17, 2021, 10:51:19 AM »
Hello,
I'm running an old Mac-Server with OSX 10.11 Server installed. On the box I installed php7.3.8 with the script from Liip and I'm getting a TLS handshake error - unknown error.
What I did then was setting imap and smtp options like this:
Code: [Select]
$config['imap_conn_options'] = [
  'ssl'         => [
    'verify_peer'  => false,
    'capture_peer_cert_chain' => true,
    'verify_depth' => 3,
     'cafile'       => '/private/etc/certificates/GandiStandardSSLCA2.pem',
     'local_pk' => '/private/etc/certificates/my.key.pem',
     'local_cert' => '/private/etc/certificates/my.chain.pem'
   ],
];
The certificates is a multi-domain one.
Postfix and Dovecot still show a TLS Handshake error in

What also shakes me the option
Code: [Select]
$config['enable_installer'] = false; is also not working.
But the config file is loaded, I changed the product_name several times.

My guess is, I set the certificates wrong and that I can't disable the installer might be a bug and has nothing to do with the TLS error.
Thanks for any input :-)
Q

Offline quwax

  • Jr. Member
  • **
  • Posts: 24
Re: TLS Handshake Error
« Reply #1 on: November 17, 2021, 11:14:55 AM »
So I got it working this way:
Code: [Select]
$config['imap_conn_options'] = [
  'ssl'         => [
    'verify_peer'  => false,
    'capture_peer_cert_chain' => true,
    'verify_depth' => 3,
     'cafile'       => '/etc/certificates/my.chain.pem',
     'local_pk' => '/etc/certificates/my.key.pem',
   ],
];


as soon as verify_peer is true I get again a TLS error:
Code: [Select]
TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: SSL alert number 48, which still points to a problem with certificates.
The installer I still can't switch off :(