Symptoms
- Plesk Obsidian running on a Linux-based operating system
- The Plesk Premium Email extension is installed (it does not matter if it is enabled or disabled as an Extension)
- Unable to connect to Mailbox via Roundcube webmail, while the following error appears:
Connection to IMAP failed
- Errors that are similar to the following can be found in the Guam service log by running the
journalctl -uguamcommand:Mar 11 15:45:43 example.com guam[694]: 14:45:43.785 [warning] TLS handshake failed with a tls_alert: {insufficient_security,"TLS server: In state hello at tls_handshake.erl:314 generated SERVER ALERT: Fatal - Insufficient Securityn no_suitable_ciphers"}
Mar 11 15:45:44 example.com guam[694]: 14:45:44.053 [error] gen_server <0.31142.8> terminated with reason: no match of right hand value {error,{tls_alert,{insufficient_security,"TLS server: In state hello at tls_handshake.erl:314 generated SERVER ALERT: Fatal - Insufficient Securityn no_suitable_ciphers"}}} in kolab_guam_session:start_client_tls/4 line 400
Apr 13 11:01:36 example.com guam[313457]: 11:01:36.142 [error] gen_fsm <0.563.0> in state disconnected terminated with reason: no match of right hand value {{error,closed},true,<0.563.0>,{[],[]}} in eimap:disconnected/2 line 140
Apr 13 11:01:36 example.com guam[313457]: 11:01:36.142 [error] CRASH REPORT Process <0.563.0> with 0 neighbours exited with reason: no match of right hand value {{error,closed},true,<0.563.0>,{[],[]}} in eimap:disconnected/2 line 140 in gen_fsm:terminate/8 line 623 - Many errors that are similar to the following can be found in the
/var/log/guam/console.log:2022-07-16 00:34:13.262 [error] <0.20002.218> SSL: certify: ssl_alert.erl:93:Fatal error: certificate unknown
2022-07-16 00:34:13.262 [warning] <0.18160.218>@kolab_guam_session:accept_client:187 TLS handshake failed with a tls_alert: "certificate unknown"
2022-07-16 00:34:13.287 [error] <0.18725.218> SSL: certify: ssl_alert.erl:93:Fatal error: certificate unknown
2022-07-16 00:34:13.287 [warning] <0.19394.218>@kolab_guam_session:accept_client:187 TLS handshake failed with a tls_alert: "certificate unknown" - Unable to check the IMAP certificate on port 993 (the check may work fine on the POP3 port 995), TLSv1.2 protocol is used, but the Cipher is returned as 0000:
# [root@server ~]# openssl s_client -showcerts -connect mail.example.com:993 -servername mail.example.com
CONNECTED(00000003)
139836725192592:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 314 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1722342657
Timeout : 300 (sec)
Verify return code: 0 (ok)
--- - Unable to check the IMAP certificate on port 993 (the check may work fine on the POP3 port 995), TLSv1.3 protocol is used, but the Cipher is returned as 0000:
# % openssl s_client -crlf -connect example.com:993
CONNECTED(00000005)
read:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 287 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1681374915
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
Cause
The Ciphers, mentioned in /etc/guam/sys.config configuration file of the Plesk Premium Email…
with