Hi there,

I just don't understand what's not going on with my install. Sorry for my English, as I'm a real cliché of French people learning the English language...

So, I have 2 servers that work independently. Both are on Ubuntu 18.04 with ISPConfig 3, Apache2, MariaDB & PHP 7.2, Dovecot and Postfix, based on the best tutorial I have ever seen in my life.

The first one runs on the standard repo packages & ISPConfig 3.1.13. Dovecot & Postfix work perfectly with STARTTLS TLS1.2 on IMAP port 143 or SMTP(S) ports 25/587. Thunderbird or Outlook Office 365 accept STARTTLS without complaints.

The second one is the same as the first but, since yesterday, 21st February 2019, it runs the latest versions, Apache 2.4.38 and OpenSSL 1.1.1a, to make TLS1.3 a reality everywhere. ISPConfig is 3.1dev (don't ask; I don't know why!). Before yesterday it was on TLS1.2 with the latest repo versions; identical, as I said.

>> When it was on TLS1.2, Thunderbird or Outlook accepted mail accounts without complaints.

>> Now, I'm getting really mad trying to find out why Thunderbird and Outlook cannot connect. And there are no warnings in the log; the two programs just log out after the timeout expires. SSL/TLS on ports 993 and 465 works great, but not STARTTLS.
I've tried "openssl s_client -starttls smtp -crlf -connect mail.mydomain.tld:587"; EHLO or LOGIN work on the command line after this.

Code:

    CONNECTED(00000003)
    depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    verify error:num=20:unable to get local issuer certificate
    ---
    Certificate chain
     0 s:CN = ouvr.es
       i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
     1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
       i:O = Digital Signature Trust Co., CN = DST Root CA X3
    [blabla certificat]
    New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
    Server public key is 4096 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 20 (unable to get local issuer certificate)
    ---
    250 SMTPUTF8
    ---
    Post-Handshake New Session Ticket arrived:
    SSL-Session:
        Protocol : TLSv1.3
        Cipher : TLS_AES_256_GCM_SHA384
        Session-ID: 88045AD85B73079D6BE920B0BCEF3C1F220C90AE3F59F6D00496CB8C3240E667
        Session-ID-ctx:
        Resumption PSK: B5335A29FE60BA88017FEE9558B6E3A85981DA340B0EE0F92490EAEFD2237994B455CBCE7FE246BEADD38DEBD048D1D6
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 7200 (seconds)
        TLS session ticket:
    [blabla and, at last]
    ---
    read R BLOCK

TLS1.3 over HTTPS 443 on Opera or Firefox works great too...

Why is the world so cruel? I assume I'm not seeing the fault.

Cheers,
Yohan
I forgot! Sorry... I realize those STARTTLS lines in mail.log are IPv6; my mind tells me that this may be the problem.

Re-cheers