FS#53834 : [dovecot] SSLv2 regression?

FS#53834 - [dovecot] SSLv2 regression?

Attached to Project: Community Packages
Opened by t-ask (tAsk) - Wednesday, 26 April 2017, 00:01 GMT
Last edited by Johannes Löthberg (demize) - Thursday, 27 April 2017, 19:58 GMT

Task Type	Bug Report
Category	Upstream Bugs
Status	Closed
Assigned To	Johannes Löthberg (demize)
Architecture	All
Severity	Very Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

It looks like there is a regression with !SSLv2 and dovecot 2.2.28-2 by setting:

ssl_protocols = !SSLv2 !SSLv3 !TLSv1

in "/etc/dovecot/dovecot.conf" the logs show:

dovecot[24637]: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2'
dovecot[24635]: master: Error: service(imap-login): command startup failed, throttling for 2 secs

it looks like this bug:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844271

You can tempoorarily fix it with:

ssl_protocols = !SSLv3 !TLSv1

This task depends upon

Closed by Johannes Löthberg (demize)
Thursday, 27 April 2017, 19:58 GMT
Reason for closing: Not a bug

Comment by Doug Newgard (Scimmia) - Wednesday, 26 April 2017, 02:02 GMT

That's not a temporary fix, that's what it should be. Looks like the default config just needs adjusted.

Comment by Doug Newgard (Scimmia) - Wednesday, 26 April 2017, 02:04 GMT

Wait, there is no default config, this isn't a packaging issue at all.

Comment by Johannes Löthberg (demize) - Thursday, 27 April 2017, 19:58 GMT

This is just due to OpenSSL 1.1 not supporting SSLv2 at all anymore. Not a bug, there's no default config.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#53834 - [dovecot] SSLv2 regression?

Details

Loading...