TL;DR

The "No supported cipher suites have been found" error message actually
means "cannot read the SSL certificate file", either because it is not
there or because the permissions prevent access.

Details:

The updated imapd-ssl file included with courier-imap 5.0.5+1.0.5-1
specifies the following:

# TLS_CERTFILE - certificate to use. TLS_CERTFILE must be owned
# by the "courier" user, and must not be world-readable.

This is not fully correct.  The certificate can be owned by `root` and
be in the `courier` group with 640 permissions, giving the courier group
read access, and it will work correctly.  But it does not work if only
root has access.  This represents a change in behavior.  Previous
versions of Courier could read an SSL certificate that was only
accessible by root.  For example, my /etc/courier/imapd.pem file, which
was installed with Courier in 2014, was set to root:courier with 600. 
It worked at the time. Since then, I switched to using a Let's Encrypt
SSL certificate, which also worked for a while.

Tightening down the permission access is a good idea, so I applaud
Courier for no longer using root access for reading certificates.  It
would just have been helpful for the error message to point to a problem
accessing the SSL certificate file instead of describing a problem with
the cipher suites (which this isn't).

The solution for me was to create a copy of the Let's Encrypt
certificate that was accessible by the `courier` process.


-- 
Soren Stoutner
Small Business Tech Solutions
so...@smallbusinesstech.net
623-262-6169
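
The ownership and mode cases described in the message above (root:courier with 600 fails, root:courier with 640 works, world-readable is disallowed) can be checked before restarting the service. This is an added example, not part of the original message or of Courier; the function names `cert_access` and `check_certfile` are hypothetical, and it assumes GNU stat(1) and a service account passed as the second argument.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat(1).

# cert_access MODE OWNER GROUP USER "USER_GROUPS"
# Decides from the octal mode and ownership alone, following the kernel's
# rule: owner bits if USER owns the file, else group bits if USER is a
# member of GROUP, else the "other" bits.
# Returns 0 = readable by USER and private, 2 = world-readable,
#         3 = USER has no read access.
cert_access() {
    m=$((0$1))                                  # leading 0: parse as octal
    if [ $((m & 4)) -ne 0 ]; then return 2; fi  # other-read bit set
    if [ "$2" = "$4" ]; then
        if [ $((m & 256)) -ne 0 ]; then return 0; fi    # 0400 owner-read
        return 3
    fi
    for g in $5; do
        if [ "$g" = "$3" ] && [ $((m & 32)) -ne 0 ]; then   # 0040 group-read
            return 0
        fi
    done
    return 3
}

# check_certfile FILE USER: collect the facts with stat/id and explain them.
check_certfile() {
    if [ ! -e "$1" ]; then
        echo "$1: missing (or its directory is not searchable)"
        return 1
    fi
    facts=$(stat -c '%a %U %G' "$1") || return 1
    member_of=$(id -Gn "$2" 2>/dev/null) || member_of=""
    rc=0
    # $facts is deliberately unquoted so it splits into MODE OWNER GROUP.
    cert_access $facts "$2" "$member_of" || rc=$?
    case $rc in
        0) echo "$1: ok, readable by $2 and not world-readable" ;;
        2) echo "$1: world-readable ($facts)" ;;
        3) echo "$1: not readable by $2 ($facts)" ;;
    esac
    return "$rc"
}

# Usage: sh check_certfile.sh /etc/courier/imapd.pem courier
if [ $# -eq 2 ]; then check_certfile "$1" "$2"; fi
```

Run it as root so that stat can reach the file regardless of directory permissions; the decision itself is made from the mode bits, not from root's own access.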