SVN Releases > Issues & Bugs
roudcube 1.4 Beta / Debian 9 / Dovecot - SSLV2 issue
pexus:
Hello
I see the following error in the /var/log/mail.log when trying to login on Roundcube beta 1.4.
dovecot: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2'
I have disabled SSLv2, SSLv3, TLS1.0, TLS1.1 in my dovecot configuration 10-ssl.conf
If I allow SSLv2 I can login fine. However I don't want to enable SSLv2 as it has know vulnerabilities.
I am trying to find out why roundcube is insisting on SSLv2 ?
Thanks in advance
SKaero:
You can set the connect options in the Roundcube config:
--- Code: ---// IMAP socket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation
//$config['imap_conn_options'] = array(
// 'ssl' => array(
// 'verify_peer' => true,
// 'verify_depth' => 3,
// 'cafile' => '/etc/openssl/certs/ca.crt',
// ),
// );
// Note: These can be also specified as an array of options indexed by hostname
$config['imap_conn_options'] = null;
--- End code ---
pexus:
Thanks for the response, however I don't think the issue is with the certificate. It is with the protocol. For some reason unless dovecot enables SSLv2 it does not work. If you notice the error is related with the protocol. Since Roundcube is initiating the imap login, I am wondering if it is defaulting to SSLv2 and if there is a way to use TLS1.2 by default?
pexus:
I will review my config and post here for reference shortly. I believe I have already set the configuration as mentioned above.
pexus:
the Imap connection config in my config.inc.php is as follows. I use self signed certs.
$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'verify_depth' => 3,
'allow_self_signed' => true,
),
);
Navigation
[0] Message Index
[#] Next page
Go to full version