Unable to connect to Mailbox via Roundcube webmail or any email client via IMAP if Plesk Premium Email is installed: Connection failed

Dmitry Bystrov

12 months ago

Symptoms

Plesk Premium Email is installed (does not matter enabled or disabled as an Extension)
Unable to connect to Mailbox via Roundcube webmail:

Connection to IMAP failed

The following can be found in the Guam service log:

Mar 11 15:45:43 example.com guam[694]: 14:45:43.785 [warning] TLS handshake failed with a tls_alert: {insufficient_security,"TLS server: In state hello at tls_handshake.erl:314 generated SERVER ALERT: Fatal - Insufficient Securityn no_suitable_ciphers"}
Mar 11 15:45:44 example.com guam[694]: 14:45:44.053 [error] gen_server <0.31142.8> terminated with reason: no match of right hand value {error,{tls_alert,{insufficient_security,"TLS server: In state hello at tls_handshake.erl:314 generated SERVER ALERT: Fatal - Insufficient Securityn no_suitable_ciphers"}}} in kolab_guam_session:start_client_tls/4 line 400
Apr 13 11:01:36 example.com guam[313457]: 11:01:36.142 [error] gen_fsm <0.563.0> in state disconnected terminated with reason: no match of right hand value {{error,closed},true,<0.563.0>,{[],[]}} in eimap:disconnected/2 line 140
Apr 13 11:01:36 example.com guam[313457]: 11:01:36.142 [error] CRASH REPORT Process <0.563.0> with 0 neighbours exited with reason: no match of right hand value {{error,closed},true,<0.563.0>,{[],[]}} in eimap:disconnected/2 line 140 in gen_fsm:terminate/8 line 623

Unable to check the IMAP certificate, TLSv1.3 protocol is used, Cipher returned as 0000:

# % openssl s_client -crlf -connect example.com:993
CONNECTED(00000005)
read:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 287 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1681374915
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---

Cause

The Ciphers, mentioned in sys.config file do not support the version lower than TLSv1.3 protocol as described here.

Resolution

The issue is fixed in the latest version of the extension.

Consider upgrading the extension to the latest version.

0 Shares