1

Topic: error:14209102:SSL

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.2.1
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: centos 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Can someone shed some light on this, I am getting thousands of this on my new install here...
I read about perhaps wrong cert and tested but all show OK
openssl s_client -starttls smtp -crlf -connect localhost:587 -tls1_2
openssl s_client -starttls smtp -crlf -connect localhost:587 -tls1_1
openssl s_client -starttls smtp -crlf -connect localhost:587 -tls1


May 20 07:58:12 localhost postfix/submission/smtpd[15281]: warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1661:

2

Re: error:14209102:SSL

Looks like client side issue, not using correct port or protocol for submission service.

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

3

Re: error:14209102:SSL

It looks to be the correct port: 587
May 20 07:58:12 localhost postfix/submission/smtpd[15281]: warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1661:

What protocol do I need to add that was ok in the old version and now it is not?
Many issues with this and little info on any search engine I could find but ired changed things from old version to new and now problem starts with error reporting that helps little in this case.

From my research the error:14209102:SSL  seems to indicate some sort of certificate issue... and we are using letsencrypt and the links seems to be correct.

4

Re: error:14209102:SSL

sergiocesar wrote:

What protocol do I need to add that was ok in the old version and now it is not?

Port 587 with TLS secure connection are correct.
FYI: https://docs.iredmail.org/#mua

Again, although you may have correct/valid ssl cert/key, if client MUA is misconfigured, this error will still raise.
Don't panic if you see some warning message, it could be a client side issue and not server side one.

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee