SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

PRVS picture PRVS · Dec 25, 2014 · Viewed 10.5k times · Source

I have a problem, i made a command "openssl s_client -connect server.server:143", and the error is:

  CONNECTED(00000003)
140719622096768:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown proto col:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 249 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

I made that because the horde connection gives an error in login. How can i resolve this?

Answer

Steffen Ullrich picture Steffen Ullrich · Dec 25, 2014

openssl s_client -connect server.server:143

Port 143 is plain IMAP, that is you can not talk directly TLS to this port. If you try it you will get some data back which are not TLS, and thus strange error messages will occure. If you want to have TLS you have to either use imaps (port 993) or issue a STARTTLS command. You can also use openssl for this with

openssl s_client -connect server:143 -starttls imap

From your output it might even be that you used this option but did not put it into your question (because 7 bytes from the server would match a TLS alert, but is unusually short for an IMAP greeting). If this is the case there might be lots of reasons why the connection fails and it is not possible to pin the problem down just from your description. If you get more help look at http://noxxi.de/howto/ssl-debugging.html#hdr2.2 on how you could narrow down the problem and what you should provide on information if you need help from others.