1 Topic by ymw19971129

  • ymw19971129
  • Member
  • Offline
  • Registered: 2024-12-21
  • Posts: 4

Topic: SSL routines::version too low

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.7.1
- Deployed with iRedMail Easy or the downloadable installer?downloadable installer
- Linux/BSD distribution name and version: Ubuntu 22.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx):Nginx
- Manage mail accounts with iRedAdmin-Pro?no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
client:
System: Ubuntu 22.04 LTS
openssl:OpenSSL 3.0.2 15
openssl.cnf:
[system_default_sect]
MinProtocol = TLSv1.2

Server side:
System: Ubuntu 22.04 LTS
openssl:OpenSSL 3.0.2 15

openssl.cnf:
[system_default_sect]
MinProtocol = TLSv1.2

/etc/postfix/main.cf
smtpd_tls_protocols = ! SSLv2 ! SSLv3 ! TLSv1 ! TLSv1.1
smtpd_tls_mandatory_protocols = ! SSLv2 ! SSLv3 ! TLSv1 ! TLSv1.1

/etc/dovecot/dovecot.conf
ssl_min_protocol = TLSv1.2

/var/log/mail.log:
warning: TLS library problem: error:0A000102:SSL routines::unsupported protocol:../ssl/statem/statem_srvr.c:1657:
warning: TLS library problem: error:0A00018C:SSL routines::version too low:../ssl/statem/statem_srvr.c:1657

It is obvious that all versions support version 1.2 and above. Why does the server still report a low version? Is it possible that it is a problem with using a third-party proxy server or the SSL package of the Python 3.11 program

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,136

Re: SSL routines::version too low

ymw19971129 wrote:

Is it possible that it is a problem with using a third-party proxy server or the SSL package of the Python 3.11 program

Yes it's possible, but we're not sure since you didn't offer detailed info.

Please make sure your mail client uses TLSv1.2 or TLSv1.3. Usually upgrading mail client application to latest version should fix it.

3 Reply by ymw19971129 (edited by ymw19971129 2024-12-23 21:38:39)

  • ymw19971129
  • Member
  • Offline
  • Registered: 2024-12-21
  • Posts: 4

Re: SSL routines::version too low

ZhangHuangbin wrote:
ymw19971129 wrote:

Is it possible that it is a problem with using a third-party proxy server or the SSL package of the Python 3.11 program

Yes it's possible, but we're not sure since you didn't offer detailed info.

Please make sure your mail client uses TLSv1.2 or TLSv1.3. Usually upgrading mail client application to latest version should fix it.

There is no problem logging in using a third-party GUI email client for Windows.
When logging in through the Python 3.11 program on the Ubuntu 22.04 client system, I used the following packages related to SSL and email:
SSL - Version and protocol not specified when using SSL
httpx~=0.27.0
urllib3~=2.2.2
Imap_tools - unspecified version

Strangely, using one's own proxy IP on the Ubuntu 22.04 client system can connect to the server normally without any issues
My own proxy server CentOS 7.4, OpenSSL is 1.0.2k flops, supports tls1.2

However, when using third-party proxy IP addresses, a lower version error occurred,
Testing using third-party proxy IP on Ubuntu 22.04 system client:
curl -x {proxy} -I --tlsv1.2 {url} ,-- tlsv1.0、--tlsv1.1、--tlsv1.2、--tlsv1.3, The returned status codes are all 200. The third-party proxy IP server seems to have no SSL version issues
The OpenSSL version of the Ubuntu 22.04 system client is 3.0.2 15, python 3.11, The imported SSL supports the latest TLS 1.3, so theoretically there should be no problem with the TLS version.

I really can't find where the problem lies