Dovecot TLS Key Exchange IPv4 works IPv6 does not

by Brian   Last Updated June 16, 2019 23:00 PM

I'm pretty sure it was working previously, but it isn't working now. My IPv6 is relatively new, but as shown below in the logs, IPv6 communicates with the Dovecot server. When I disable IPv6 on my machine and connect to the mail server, the key exchange completes fine and I can log in:

Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write key exchange [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client key exchange [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read change cipher spec [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [a.b.c.d]
Jun 16 18:12:56 mail dovecot: imap-login: Login: user=<username_here>, method=PLAIN, rip=a.b.c.d, lip=e.f.g.h, mpid=6293, TLS, session=<session_id>

However, over IPv6, the exchange never completes and thus I never log in:

Jun 16 18:15:15 mail dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Jun 16 18:15:15 mail dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Jun 16 18:15:15 mail dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization [ipv6_address]
Jun 16 18:15:15 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization [ipv6_address]
Jun 16 18:15:15 mail dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization [ipv6_address]
Jun 16 18:15:15 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization [ipv6_address]
Jun 16 18:15:15 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello [ipv6_address]
Jun 16 18:15:15 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello [ipv6_address]
Jun 16 18:15:15 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate [ipv6_address]
Jun 16 18:15:15 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write key exchange [ipv6_address]
Jun 16 18:15:15 mail dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done [ipv6_address]
Jun 16 18:15:15 mail dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done [ipv6_address]

Does anyone have ideas to debug this further? I tried changing the permitted protocols, but it doesn't seem to impact things.
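One way to read debug logs like the ones above is to decode the `where=` bitmask and report, per remote address, the last handshake state reached. This is an added example, not part of the original post: the bit names are OpenSSL's `SSL_CB_*`/`SSL_ST_*` info-callback constants, the function names are hypothetical, and the sample lines are constructed with documentation addresses.

```python
import re

# OpenSSL info-callback bits (ssl.h) that make up Dovecot's "where=0x..." value.
WHERE_BITS = {
    0x01: "LOOP", 0x02: "EXIT", 0x04: "READ", 0x08: "WRITE",
    0x10: "HANDSHAKE_START", 0x20: "HANDSHAKE_DONE",
    0x1000: "CONNECT", 0x2000: "ACCEPT", 0x4000: "ALERT",
}
LINE = re.compile(
    r"imap-login: Debug: SSL: where=(0x[0-9a-fA-F]+), ret=(-?\d+): (.+) \[([^\]]+)\]$"
)

def decode_where(value):
    """Return the flag names set in an info-callback 'where' bitmask."""
    return [name for bit, name in sorted(WHERE_BITS.items()) if value & bit]

def handshake_summary(lines):
    """Per remote address: whether the handshake finished and its last state."""
    peers = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # curve announcements, Login lines, other daemons
        where, ret, state, peer = int(m[1], 16), int(m[2]), m[3], m[4]
        info = peers.setdefault(peer, {"done": False})
        info["done"] = info["done"] or bool(where & 0x20)
        info.update(last_state=state, last_flags=decode_where(where), last_ret=ret)
    return peers

# Constructed sample: same message shapes as the question, placeholder addresses.
P = "Jun 16 18:12:56 mail dovecot: imap-login: Debug: SSL: "
SAMPLE = [
    P + "elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges",
    P + "where=0x10, ret=1: before SSL initialization [192.0.2.10]",
    P + "where=0x2001, ret=1: SSLv3/TLS write server done [192.0.2.10]",
    P + "where=0x2002, ret=-1: SSLv3/TLS write server done [192.0.2.10]",
    P + "where=0x2001, ret=1: SSLv3/TLS read client key exchange [192.0.2.10]",
    P + "where=0x20, ret=1: SSL negotiation finished successfully [192.0.2.10]",
    P + "where=0x2002, ret=1: SSL negotiation finished successfully [192.0.2.10]",
    P + "where=0x10, ret=1: before SSL initialization [2001:db8::10]",
    P + "where=0x2001, ret=1: SSLv3/TLS write server done [2001:db8::10]",
    P + "where=0x2002, ret=-1: SSLv3/TLS write server done [2001:db8::10]",
]

if __name__ == "__main__":
    for peer, info in handshake_summary(SAMPLE).items():
        status = "finished" if info["done"] else "STALLED"
        print(f"{peer}: {status} at '{info['last_state']}' "
              f"flags={'|'.join(info['last_flags'])} ret={info['last_ret']}")
```

Read this way, the IPv6 trace in the question ends on `ACCEPT|EXIT` with `ret=-1` after "write server done": the server logged sending its handshake flight, and no "read client key exchange" was logged after it.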


