Print Page - Roundcube docker - TLS handshaking failed [SOLVED]

Title: Roundcube docker - TLS handshaking failed [SOLVED]
Post by: dave08 on December 23, 2020, 06:33:52 AM

Hello.
On the same server I can log into the imap server if using roundcube 1.2.12 LTS, but when using the docker container I get " TLS handshaking: SSL_accept() failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number 40"

I checked both config.inc.php and both have $config['cipher_method'] = 'DES-EDE3-CBC';
so aparently I'm using the same configuration but authentication fails when using the docker version of Roundcubemail.
Any ideas why?
Thanks and Merry Christmas.

Title: Re: Roundcube docker - TLS handshaking failed
Post by: dave08 on December 23, 2020, 10:36:29 AM

When using Roundcubemail-1.2.12 LTS, the system is using PHP 5.4...which is different from the one used in the docker.
My imap server is configured not to accept SSLv2 and SSLv3.

I was trying to pass some parameters such as "TLS1, TLSv1, TLSv2" to the "ciphers" config option in imap_conn_options, but nothing seems to work.

From de roundcubemail docker terminal I type openssl s_client -connect my.ip:993 -tls1 (tls1_1 and tls1_2) and I get the exact same error on my imap server:
" TLS handshaking: SSL_accept() failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number 40"

Thanks

Title: Re: Roundcube docker - TLS handshaking failed
Post by: dave08 on December 31, 2020, 09:22:16 AM

Quote from: dave08 on December 23, 2020, 10:36:29 AM
When using Roundcubemail-1.2.12 LTS, the system is using PHP 5.4...which is different from the one used in the docker.
My imap server is configured not to accept SSLv2 and SSLv3.

I was trying to pass some parameters such as "TLS1, TLSv1, TLSv2" to the "ciphers" config option in imap_conn_options, but nothing seems to work.

From de roundcubemail docker terminal I type openssl s_client -connect my.ip:993 -tls1 (tls1_1 and tls1_2) and I get the exact same error on my imap server:
" TLS handshaking: SSL_accept() failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number 40"

Thanks

first error solved by setting verify_peer => flase in config.inc.php

Now I get:

From the Roundcubemail docker console I get:
PHP Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:141A318A:SSL routines:tls_process_ske_dhe:dh key too small in /var/www/html/program/lib/Roundcube/rcube_imap_generic.php on line 1025

Is there any option I can put in config.inc.php to overcome this?
This server is pretty secure and accepts only TLS, and has a 2048 bits key, so I don't know what the problem might be.
Thanks!

Title: Re: Roundcube docker - TLS handshaking failed [SOLVED]
Post by: dave08 on December 31, 2020, 11:42:16 AM

How I managed to login:

Edited running RoundCubemail docker.
Installed "vim" editor
modified /etc/ssl/openssl.cnf and replaced SECLEVEL=2 with SECLEVEL=1
exit container and applied changes.
Now I start the modified container and can login.

Thanks anyway.

Roundcube Community Forum

Miscellaneous => Roundcube Discussion => Topic started by: dave08 on December 23, 2020, 06:33:52 AM