Ssl – iPhone can’t authenticate at dovecot

dovecotimapiosssl

I've set up a mail server running with postfix and dovecot. Mainly configured as described here. Also I created a signed certificate from Startssl.com. IMAP is running on port 993. From my computer everything works fine. I can send and retrieve email and also the certificate is ok.
When adding the same mail account on my iPhone it just complains that the server does not respond.
With ssl verbose logging dovecot.log says:

2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=172.17.42.1, lip=172.17.0.2, TLS handshaking: Disconnected, session=<xMU9K7L3TgCsESoB>

So I landed here.

Aborted login (no auth attempts) means that the client isn't even attempting to log in. Most likely you have disable_plaintext_auth=yes (default) and the client isn't configured to use SSL/TLS (or you've also set ssl=no).

I tried setting disable_plaintext_auth=no explicitly and also SSL is on on my phone.

Is there something special with iPhone and SSL?

Best Answer

The problem had nothing to do with my configuration or setup. I created my private key with a length of 8192 bits. As it turns out the iPhone does not support key with such a length.

Reducing the key length to 4096 bit solved the problem.

Related Topic