nextcloud / apps

🚚 This is an archive. Let us know if you want to take over maintainership of any of these apps

IMAP Auth Backend - no shared cipher #49

Closed rayfun closed 6 years ago

rayfun commented 6 years ago

Steps to reproduce

  1. Configure IMAP Auth Backend
  2. Try login with valid credentials of IMAP mail server

Expected behaviour

User successfully logs in using IMAP backend authentication

Actual behaviour

Dovecot of IMAP server reported:

```
Mar 20 15:15:50 iris dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [xxx.xxx.xxx.xxx]
Mar 20 15:15:50 iris dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [xxx.xxx.xxx.xxx]
Mar 20 15:15:50 iris dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [xxx.xxx.xxx.xxx]
Mar 20 15:15:50 iris dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [xxx.xxx.xxx.xxx]
Mar 20 15:15:50 iris dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error [xxx.xxx.xxx.xxx]
Mar 20 15:15:50 iris dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Mar 20 15:15:50 iris dovecot: imap-login: Debug: SSL error: SSL_accept() failed: Unknown error
Mar 20 15:15:50 iris dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS handshaking: SSL_accept() failed: Unknown error, session=<zfcwtthnELSKyUCI>
```

These are the ciphers configured with Dovecot:

```
ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128$
```

IMAP backend conf:

```php
'user_backends' => array(
    array(
        'class' => 'OC_User_IMAP',
        'arguments' => array('{mail.xxxxxxx.de:143/imap/tls}')
    )
),
```

Mail app

Mail app version: (see apps admin page) 0.7.10

Mailserver or service: (e.g. Outlook, Yahoo, Gmail, Exchange,...) Self-hosted Dovecot/IMAP server on same machine as Nextcloud installation

Number of accounts: 3

Server configuration

Operating system: Linux 4.13.0-37-generic #42~16.04.1-Ubuntu SMP Wed Mar 7 16:03:28 UTC 2018 x86_64

Webserver: Apache (fpm-fcgi)

Database: pgsql PostgreSQL 9.5.12 on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609, 64-bit

PHP version: 7.0.28-0ubuntu0.16.04.1

Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, cgi-fcgi, mysqlnd, PDO, xml, apcu, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, igbinary, imagick, imap, intl, json, exif, mcrypt, mysqli, pdo_mysql, pdo_pgsql, pgsql, Phar, posix, propro, raphf, readline, redis, shmop, SimpleXML, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, http, Zend OPcache

Nextcloud version: 13.0.1 - 13.0.1.1

Server log (data/nextcloud.log)

{"reqId":"dnmnpR4VeP5ZFpbdYPCn","level":2,"time":"2018-03-20T14:41:04+00:00","remoteAddr":"xxx.xxx.xxx.","user":"--","app":"core","method":"POST","url":"\/login","message":"Login failed: 'axel@xxxxxxx.de' (Remote IP: 'xxx.xxx.xxx.xxx')","userAgent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Ubuntu Chromium\/64.0.3282.167 Chrome\/64.0.3282.167 Safari\/537.36","version":"13.0.1.1"}

IMAP log (data/horde_imap.log)

File does not exist

SMTP log (data/horde_smtp.log)

File does not exist

rayfun commented 6 years ago

Adjusting my Dovecot ssl_cipher_list fixed the issue.
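
Added example, not part of the original issue or the project's code: a small parser that pairs each failed TLS handshake in a Dovecot `imap-login` log with its OpenSSL reason and decodes the `where`/`ret` values of the alert line (OpenSSL reports an alert as `(level << 8) | description`). The sample log is constructed in the format shown in the report, with documentation IPs and made-up session ids, and the parser assumes the lines of one failure are logged adjacently.

```python
import re

# Constructed sample in the format of the Dovecot log in the report.
SAMPLE_LOG = """\
Mar 20 15:15:50 iris dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=552: fatal handshake failure [192.0.2.10]
Mar 20 15:15:50 iris dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Mar 20 15:15:50 iris dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=192.0.2.1, TLS handshaking: SSL_accept() failed: Unknown error, session=<CONSTRUCTEDsess01>
Mar 20 15:16:02 iris dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.11, lip=192.0.2.1, mpid=4242, TLS, session=<CONSTRUCTEDsess02>
"""

ALERT_RE = re.compile(r"SSL alert: where=0x([0-9a-fA-F]+), ret=(\d+)")
STACKED_RE = re.compile(r"Stacked error: error:[0-9A-Fa-f]+:[^:]*:[^:]*:(.+)$")
DISC_RE = re.compile(r"Disconnected .*rip=([^,]+),.*TLS handshaking.*session=<([^>]+)>")

# OpenSSL info-callback flags and a few TLS alert description codes.
SSL_CB_WRITE, SSL_CB_ALERT = 0x08, 0x4000
ALERT_NAMES = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}

def decode_alert(where, ret):
    """Decode an alert line: 'where' says who sent it, 'ret' packs level and code."""
    if not where & SSL_CB_ALERT:
        return None  # not an alert event
    sender = "local" if where & SSL_CB_WRITE else "peer"  # local = Dovecot itself
    level = {1: "warning", 2: "fatal"}.get(ret >> 8, "unknown")
    desc = ret & 0xFF
    return {"sent_by": sender, "level": level, "alert": ALERT_NAMES.get(desc, str(desc))}

def tls_handshake_failures(log_text):
    """Return one record per failed TLS handshake: remote IP, session id,
    the stacked OpenSSL reason and the decoded alert that preceded it."""
    failures, alert, reason = [], None, None
    for line in log_text.splitlines():
        if m := ALERT_RE.search(line):
            alert = decode_alert(int(m.group(1), 16), int(m.group(2)))
        elif m := STACKED_RE.search(line):
            reason = m.group(1).strip()
        elif m := DISC_RE.search(line):
            failures.append({"rip": m.group(1), "session": m.group(2),
                             "reason": reason, "alert": alert})
            alert = reason = None  # reset for the next connection
    return failures

if __name__ == "__main__":
    for failure in tls_handshake_failures(SAMPLE_LOG):
        print(failure)
```

A record with `sent_by` of `local` and reason `no shared cipher` means Dovecot rejected the ClientHello because none of the offered suites is in its `ssl_cipher_list`.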