Project

General

Profile

Actions
Copy link

Defect #32472

closed

redmine:email:receive_imap broken with redmine 4.0.5

Added by Stefan Mielke about 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Email receiving
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:
4.0.5

Description

After the upgrade to 4.0.5 receiving emails over imap stopped working.

rake redmine:email:receive_imap RAILS_ENV="production" host=mail.xxx.xx port=993 ssl=true username=xxx password=xxx

gives me:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: dh key too small
/usr/src/redmine/lib/redmine/imap.rb:30:in `new'
/usr/src/redmine/lib/redmine/imap.rb:30:in `check'
/usr/src/redmine/lib/tasks/email.rake:121:in `block (4 levels) in <top (required)>'
/usr/src/redmine/app/models/mailer.rb:612:in `with_synched_deliveries'
/usr/src/redmine/lib/tasks/email.rake:120:in `block (3 levels) in <top (required)>'
/usr/local/bundle/gems/rake-13.0.0/exe/rake:27:in `<top (required)>'
/usr/local/bin/bundle:23:in `load'
/usr/local/bin/bundle:23:in `<main>'
Tasks: TOP => redmine:email:receive_imap
(See full trace by running task with --trace)

on the mail server I see in the log:

TLS handshaking: SSL_accept() failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number 4

so it seemes to try to connect via sslv3 ?
but that is not enabled on the server.

I then tried to use starttls:

rake redmine:email:receive_imap RAILS_ENV="production" host=mail.xxx.xx port=143 starttls=true username=xxx password=xxx

but thats no working either:

OpenSSL::SSL::SSLError: SSL_write
/usr/src/redmine/lib/redmine/imap.rb:34:in `check'
/usr/src/redmine/lib/tasks/email.rake:121:in `block (4 levels) in <top (required)>'
/usr/src/redmine/app/models/mailer.rb:612:in `with_synched_deliveries'
/usr/src/redmine/lib/tasks/email.rake:120:in `block (3 levels) in <top (required)>'
/usr/local/bundle/gems/rake-13.0.0/exe/rake:27:in `<top (required)>'
/usr/local/bin/bundle:23:in `load'
/usr/local/bin/bundle:23:in `<main>'
Tasks: TOP => redmine:email:receive_imap
(See full trace by running task with --trace)

how can I fix the problem

Actions
Copy link
 #1

Updated by Stefan Mielke about 6 years ago

  • Status changed from New to Resolved

Ok I found the problem:

The OpenSSL Version I am using is: OpenSSL 1.1.1d 10 Sep 2019
And that requires a DH param > 1024 on the imap connection. The mail server however has a dh param 1024.

I fixed that by adding this to /etc/ssl/openssl.cnf

[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=0
Actions
Copy link
 #2

Updated by Marius BĂLTEANU about 6 years ago

  • Status changed from Resolved to Closed

Stefan Mielke wrote:

Ok I found the problem:

The OpenSSL Version I am using is: OpenSSL 1.1.1d 10 Sep 2019
And that requires a DH param > 1024 on the imap connection. The mail server however has a dh param 1024.

I fixed that by adding this to /etc/ssl/openssl.cnf

[...]

Thanks for the feedback.

Actions
Copy link
 #3

Updated by Marius BĂLTEANU about 6 years ago

  • Resolution set to Invalid
Actions
Copy link

Also available in: Atom PDF