1 Topic by sergiocesar

  • sergiocesar
  • Member
  • Offline
  • Registered: 2014-04-28
  • Posts: 94

Topic: error:14209102:SSL

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.2.1
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: centos 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Can someone shed some light on this, I am getting thousands of this on my new install here...
I read about perhaps wrong cert and tested but all show OK
openssl s_client -starttls smtp -crlf -connect localhost:587 -tls1_2
openssl s_client -starttls smtp -crlf -connect localhost:587 -tls1_1
openssl s_client -starttls smtp -crlf -connect localhost:587 -tls1


May 20 07:58:12 localhost postfix/submission/smtpd[15281]: warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1661:

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: error:14209102:SSL

Looks like client side issue, not using correct port or protocol for submission service.

3 Reply by sergiocesar

  • sergiocesar
  • Member
  • Offline
  • Registered: 2014-04-28
  • Posts: 94

Re: error:14209102:SSL

It looks to be the correct port: 587
May 20 07:58:12 localhost postfix/submission/smtpd[15281]: warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:ssl/statem/statem_srvr.c:1661:

What protocol do I need to add that was ok in the old version and now it is not?
Many issues with this and little info on any search engine I could find but ired changed things from old version to new and now problem starts with error reporting that helps little in this case.

From my research the error:14209102:SSL  seems to indicate some sort of certificate issue... and we are using letsencrypt and the links seems to be correct.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: error:14209102:SSL

sergiocesar wrote:

What protocol do I need to add that was ok in the old version and now it is not?

Port 587 with TLS secure connection are correct.
FYI: https://docs.iredmail.org/#mua

Again, although you may have correct/valid ssl cert/key, if client MUA is misconfigured, this error will still raise.
Don't panic if you see some warning message, it could be a client side issue and not server side one.