SVN Releases > Issues & Bugs

roudcube 1.4 Beta / Debian 9 / Dovecot - SSLV2 issue

<< < (3/3)

pexus:
Here is the output of dovecot -n :

--------------
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.6 ext4
auth_mechanisms = digest-md5 plain login
first_valid_uid = 150
last_valid_uid = 150
mail_gid = mail
mail_location = maildir:/var/vmail/%d/%n
mail_uid = vmail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
postmaster_address = XXXX-masked-XXXXX
protocols = " imap pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = mail
    mode = 0600
    user = vmail
  }
}
ssl = required
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
ssl_key =  # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

--------

I will provide the test results of trying to connect to IMAP using a different mail client shortly.

pexus:
The symptoms are similar with another mail client such as Thunderbird.
I get the same error when SSLv2 is disabled in the dovecot 10-ssl.conf configuration file:

dovecot: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2'

So I think this is a dovecot / Debian 9.6  issue. Need to follow up on the reported bug on debian : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918184
It would be good if others are also seeing the same issue that would help raise the severity of the dovecot package in Debian so the maintainer can fix this quickly.

pexus:
As per debian dovecot maintainer (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918184 ) this is not an issue. SSLv2 has been completely removed from openssl library in Debian 9.6 (Stretch) and hence it is safe to remove the !SSLv2 from the ssl_protocol configuration.

This issue is resolved.

Thanks

Navigation

[0] Message Index

[*] Previous page