Roundcube Community Forum

SVN Releases => Issues & Bugs => Topic started by: weizm2 on February 20, 2018, 02:41:00 PM

Title: Connection to storage server failed after configuring roundcube for TLS
Post by: weizm2 on February 20, 2018, 02:41:00 PM

Hi All

We are using Roundcube Webmail 1.2-beta on Ubuntu with Postfix and Dovecot.   Everything was running fine until we modified Roundcube to use TLS.
After configuring Postfix for TLS, we modified these settings in Roundcube's config.inc.php:

# $config['default_host'] = 'localhost';
$config['default_host'] = 'tls://localhost';

# $config['smtp_server'] = 'localhost';
$config['smtp_server'] = 'tls://mail.ourdomain.com';

The # commented lines are the original settings.
We had to specify the Fully Qualified Domain Name: mail.ourdomain.com for TLS to work.   We also added mail.ourdomain.com to the hosts file on the server.
After making these changes, TLS worked fine, but we cannot login to Roundcube anymore.  Keeps getting the "Connection to storage server failed" error.

Found this error in the Roundcube error log:
[20-Feb-2018 09:56:19 -0800]: <1c08ao0m> IMAP Error: Login failed for tommy@mail,ourdomain.com from 192.168.6.1. Unable to negotiate TLS in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login?_task=login&_action=login)

We reverted our configuration to no TLS, and we can login to Roundcube again.

Probably a Dovecot IMAP setting issue?


Thank you very much in anticipation.

WZM

Title: Re: Connection to storage server failed after configuring roundcube for TLS
Post by: SKaero on February 20, 2018, 05:08:46 PM

Try ssl://example.com instead of tls://example.com

Title: Re: Connection to storage server failed after configuring roundcube for TLS
Post by: weizm2 on February 20, 2018, 06:11:13 PM

Thank you SKaero

We fixed the problem by following the suggestion in this link https://www.roundcubeforum.net/index.php?topic=22035.0 (https://www.roundcubeforum.net/index.php?topic=22035.0)

This is what we did in our RC config.inc.php :

$config['default_host'] = 'tls://mail.ourdomain.com';

$config['smtp_server'] = 'tls://mail.ourdomain.function.com';


$config['imap_conn_options'] = array(
    'ssl' => array(
      'verify_peer'       => true,
      'verify_peer_name' => true,
      'peer_name'         => 'mail.ourdomain.com',
      'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',
      'capath' => '/etc/ssl/certs',
      'cafile'  => '/etc/ssl/certs/chain.pem',
      'local_cert' => '/etc/ssl/certs/combine.pem',
    ),
);

$config['smtp_conn_options'] = array(
    'ssl' => array(
      'verify_peer'       => true,
      'verify_peer_name' => true,
      'peer_name'         => 'mail.ourdomain.com',
      'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',
      'capath' => '/etc/ssl/certs',
      'cafile'  => '/etc/ssl/certs/chain.pem',
      'local_cert' => '/etc/ssl/certs/combine.pem',
    ),
);



The combine.pem file contains the private key and server certificate.

Title: Re: Connection to storage server failed after configuring roundcube for TLS
Post by: alec on February 21, 2018, 02:13:18 AM

FYI, you should immediately uninstall this version, it has a ton of serious security issues.