Radicale IMAP Auth on Debian 9 (Stretch)

Radicale 2.1 CalDAV may fail with the following error messages logged:


[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:720)


... rip=, lip=, TLS handshaking: SSL_accept() failed ...
... imap-login: Disconnected: Inactivity (no auth attempts in 180 secs): user=<>, rip=, lip=, TLS handshaking

This looks like an incompatibility between OpenSSL and Python urllib regarding SSL connections. SSLv3 is disabled in Dovecot IMAP.

To work around the issue force radicale_imap to use TLSv1_2:
(TLSv1_3 is not a valid option)


# Upgrade connection to StartTLS
#context = ssl.create_default_context()
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)


type = radicale_imap
imap_host =
imap_secure = True