Mailinglist Archive: opensuse-factory (454 mails)

< Previous Next >
[opensuse-factory] Fun with dovecot and openssl 1.1
Hello,

openssl 1.1 brought some fun with dovecot:

dovecot[4381]: lmtp(19209): Fatal: Invalid ssl_protocols setting:
Unknown protocol 'SSLv2'

The reason was this line in /etc/dovecot/conf.d/10-ssl.conf:

ssl_protocols = !SSLv2 !SSLv3

Looks like support for SSLv2 was removed from openssl 1.1 completely
(not a bad move, it's known to be insecure since years) - but no longer
recognizing it as excluded protocol is (at least) a bit annoying ;-)

After removing the !SSLv2 part, dovecot starts again.

I'm not sure if this is worth a bugreport on the openssl side, or if it
will be closed as "works as designed" instantly.

OTOH, the line I quoted matches the default dovecot config, so if this
change is intentional on the openssl side, the default config needs to
be updated.

So - who should receive a bugreport? openssl for breaking backward
compability, or dovecot to adjust the default config?


Regards,

Christian Boltz
--
Reason why a bot: the bot is just less 'stressed' any makes less
mistakes for such obvious things. And people can discuss with the bot
as much as they want. [Dominique Leuenberger in opensuse-packaging]

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups