IMAP TLS connection to Dovecot fails

ssl dovecot thunderbird

First thing I would do would be to update the client.

What is happening here is an attempted protocol downgrade. That is, the client is trying to downgrade from TLSv1 to SSLv3, or from any higher version of TLS to a lower version. (Exactly which is not clear from the logs, and would require more verbose OpenSSL debugging to be enabled, but that particular detail is not really relevant.)

The reason that the protocol downgrade is failing is that your server has protocol downgrade prevention (TLS_FALLBACK_SCSV) enabled, as a mitigation for the POODLE attack.

So, the first thing to check is to make sure the client is up to date; that means at minimum Thunderbird and its supporting libraries.

After that I would check the protocol list. I'm concerned that you didn't specify TLSv1, TLSv1.1 and TLSv1.2 explicitly. While this shouldn't make a difference, as these ought to be enabled by default, it might help.

ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2

Finally, there's the rare possibility that you caught someone attempting to attack your connection, and the attack was thwarted.

Related

Sendmail - Is it secure, and really essential?
How can I get the Abusive Jerk achievement?
Is there any way to tell which tracks you've beaten TT's time on?
How does Axton's Gemini skill (two turrets) affect the recharge from retrieving turrets?
Does the Mechromancer's 'Electrical Burn' skill also cause burn damage effects from other skill-based shock/electrocute status damage effects?
Is there a quick way to defeat Master Gee?
What level should I be before facing Vilemaw?
Where can I find a hunting cabin?
How is +X% dmg to elemental skills being calculated?
What are the max skill points Class Mods can grant?
Soul Cairn: Constant Health Drain
How can I edit the sound effects?