Hello,
I've got a VPS whose webmail setup I'm wanting to tighten down. Currently it's running PHP 5.6 and it does have the openssl extension loaded. It's got Apache 2.4 and that hooks into PHP via php-fpm. I'm running Postfix and Dovecot and Roundcube 1.3.6.
What I'm wanting to do is TLS-encrypt all server communications from Roundcube to the various IMAP/SMTP servers. I've got Let's Encrypt providing my server certificates. In my Roundcube configuration I've got a map pointing:
#cat host1_config.inc.php
<?php
$config['username_domain'] = 'example.com';
$config['default_host'] = 'tls://mail.example.com';

// For STARTTLS IMAP
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer'       => true,
        // certificate is not self-signed if cafile provided
        'allow_self_signed' => false,
        // Letsencrypt
        'ssl_cert' => '/usr/local/etc/ssl/acme/example.com/fullchain.pem',
        'ssl_key'  => '/usr/local/etc/ssl/acme/private/example.com/privkey.pem',
        // probably optional parameters
        'ciphers'   => 'TLSv1.2:@STRENGTH',
        'peer_name' => 'mail.example.com',
    )
);

// For STARTTLS SMTP
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer'       => true,
        // certificate is not self-signed if cafile provided
        'allow_self_signed' => false,
        // Letsencrypt
        'ssl_cert' => '/usr/local/etc/ssl/acme/example.com/fullchain.pem',
        'ssl_key'  => '/usr/local/etc/ssl/acme/private/example.com/privkey.pem',
        // probably optional parameters
        'ciphers'   => 'TLSv1.2:@STRENGTH',
        'peer_name' => 'mail.example.com',
    ),
);
When I attempt to connect via Roundcube I get a gateway timeout message and this in my IMAP server log:
2018-07-16 14:01:31 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<AsiSniFxS91/AAAB>
Any ideas?
Thanks. Dave.