FS#53834 - [dovecot] SSLv2 regression?
Attached to Project:
Community Packages
Opened by t-ask (tAsk) - Wednesday, 26 April 2017, 00:01 GMT
Last edited by Johannes Löthberg (demize) - Thursday, 27 April 2017, 19:58 GMT
Opened by t-ask (tAsk) - Wednesday, 26 April 2017, 00:01 GMT
Last edited by Johannes Löthberg (demize) - Thursday, 27 April 2017, 19:58 GMT
|
Details
It looks like there is a regression with !SSLv2 and dovecot
2.2.28-2 by setting:
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 in "/etc/dovecot/dovecot.conf" the logs show: dovecot[24637]: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2' dovecot[24635]: master: Error: service(imap-login): command startup failed, throttling for 2 secs it looks like this bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844271 You can tempoorarily fix it with: ssl_protocols = !SSLv3 !TLSv1 |
This task depends upon
Closed by Johannes Löthberg (demize)
Thursday, 27 April 2017, 19:58 GMT
Reason for closing: Not a bug
Thursday, 27 April 2017, 19:58 GMT
Reason for closing: Not a bug
Comment by Doug Newgard (Scimmia) -
Wednesday, 26 April 2017, 02:02 GMT
Comment by Doug Newgard (Scimmia) -
Wednesday, 26 April 2017, 02:04 GMT
Comment by
Johannes Löthberg (demize) -
Thursday, 27 April 2017, 19:58 GMT
That's not a temporary fix, that's what it should be. Looks like
the default config just needs adjusted.
Wait, there is no default config, this isn't a packaging issue at
all.
This is just due to OpenSSL 1.1 not supporting SSLv2 at all
anymore. Not a bug, there's no default config.