Radicale 2.1 CalDAV may fail with the following error messages logged:
radicale.log:
[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:720)
syslog:
... rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed ...
... imap-login: Disconnected: Inactivity (no auth attempts in 180 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking
This looks like an incompatibility between OpenSSL and Python urllib regarding SSL connections. SSLv3 is disabled in Dovecot IMAP.
To work around the issue force radicale_imap to use TLSv1_2:
(TLSv1_3 is not a valid option)
/usr/lib/python3/dist-packages/radicale_imap/__init__.py:
... # Upgrade connection to StartTLS #context = ssl.create_default_context() context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) ...
/etc/radicale/config:
[auth]
type = radicale_imap
imap_host = 127.0.0.1:143
imap_secure = True