1

Topic: OpenSSL Error messages

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
======== Required information ====
- iRedMail version: 0.9.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Apache 2.4.6
- Linux/BSD distribution name and version: CentOS 7.1
- Related log if you're reporting an issue:
====

Hello,
I have this Error for Invision Power Suite 4.0
How to solve this?

---------------------------------------------------------------------------------------------------------------------------------------------------------

My ssl.conf:

SSLProtocol all -SSLv2 -SSLv3

SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!AES128-SHA:!AES256-SHA:!AES128-SHA256:!AES256-SHA256:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!DHE-RSA-AES128-SHA:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-CAMELLIA256-SHA:!CAMELLIA256-SHA:!DHE-RSA-CAMELLIA128-SHA:!CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!SRP:!DSS:!RC4:!3DES

SSLHonorCipherOrder on

----------------------------------------------------------------------------------------------------------------------------------------------------------

/var/log/httpd/ssl_error_log

[Fri May 01 09:38:43.200985 2015] [core:error] [pid 6770:tid 140729888233216] [client ::1:57753] AH00134: Invalid method in request \x16\x03\x01\x01 - possible attempt to establish SSL connection on non-SSL port

---------------------------------------------------------------------------------------------------------------------------------------------------------

This is answer of Support Team IPS:

This is the error being thrown:

fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

I'd recommend contacting your hosting provider and asking if OpenSSL is up to date and configured properly (show them that error) otherwise you might experience similar errors elsewhere.

---------------------------------------------------------------------------------------------------------------------------------------------------------

For the server I use the purchased certificate, and follow the instructions given here: http://www.iredmail.org/docs/use.a.boug … icate.html

THANK YOU!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: OpenSSL Error messages

What port are you telling IPS to use?

3 (edited by kysil 2015-05-01 21:45:23)

Re: OpenSSL Error messages

I do not know is whether you mean? Support has not yet responded.
Maybe this?
'sql_port' => 3306,

upd: It was my error ...

4

Re: OpenSSL Error messages

Erm, I'm confused as to how an SQL Error is related to iRedMail? Does IPS use Mail at all? The guide you followed does not take into account SSL SQL

5

Re: OpenSSL Error messages

This is second answer of Support Team IPS:

By default unless another port is defined in the URL, the software expects to make SSL connections on port 443.

I did a little research and it seems like the error occurs when the client (openSSL) only supports SSLv3 but the server SSL only supports SSLv2. It can also occur if the server is configured to serve SSL over a nonstandard port.

http://stackoverflow.com/questions/1516 … y-ssl-cert

You can reference the above topic as a starting point.

6

Re: OpenSSL Error messages

Oh, iRedMail disables SSLv2 and SSLv3 as they are very unsafe.
https://access.redhat.com/articles/1232123
We recommend the use of TLS for SSL Transmission
I'd recommend you ask IPS about TLS support as SSL is deemed very unsafe.

7

Re: OpenSSL Error messages

Tell me please, how to temporarily turn their back to the configuration became a compatible?

8

Re: OpenSSL Error messages

The opposite of this http://unix.stackexchange.com/questions … -in-apache

9

Re: OpenSSL Error messages

7t3chguy wrote:

The opposite of this http://unix.stackexchange.com/questions … -in-apache

Thank you!
I know that, but unfortunately, the problem is not solved ...

10

Re: OpenSSL Error messages

Good! Hostname and main domain must be just different. Problem has been solved.