That wouldn't be a Roundcube issue, it would be a issue with the web server SSL configuration.

anyone else having issues in the latest roundcube version? i keep getting the SSL_ERROR_NO_CYPHER_OVERLAP errors. there is old talk about this in older versions many years ago with info how to fix but nothing works. maybe a new bug.

A colleague was in Roundcube yesterday looking at their e-mails and was kicked out.

I looked at the error log for yesterday and the error says - "PHP Deprecated:  preg_match(): Passing null to parameter #2 ($subject) of type string is deprecated in /usr/local/cpanel/base/3rdparty/roundcube/program/lib/Roundcube/bootstrap.php on line 156".

I hope someone in this forum can help?

Kind Regards

The "session" table holds the PHP session information. The "vars" column is a base64 serialized object with the session values. Inside that object you would have the "user_id" and "username" to tie the session to the "users" table.

Hi, I can't understand how sessions are organized in the database:

1) Where are the authorization sessions stored? Is it in the "session" table?
2) What data is stored in the "vars" column?
3) How can I understand how a session relates to a "users" table?

no, it doesn't work.

Black and white page that require login.. no skin, no graphics.

try_files $uri = 404; commented and nginx restarted....

Roundcube is open source webmail software it is not a service. This error comes from your SMTP server. Please contact your email provider for support.

That WAF rule seems overly broad and is matching a style attribute not anything malicious. If you can't disable that rule then the only option I can think of is a plugin to change the default settings on the HTML editor so it doesn't use that font.

Currently we are hosting roundcube 1.6.9 and roundcube 1.6.11 behind elastic load balancers in AWS protected by WAF.

We are currently having an issue where the WAF is detecting Cross Site Scripting payloads from roundcube as well as WindowsShellCommands_Body.

This is the WAF output:
"terminatingRuleMatchDetails": [ { "conditionType": "XSS", "location": "BODY", "matchedData": [ "style", "font-size: 10pt; font-family: Verdana,Geneva,sans-serif;" ], "matchedFieldName": "" } ],

Please can you advise if there are any workarounds, the emails always send if they are sent via HTML. Overriding the compose settings to always send in html in the config does not seem to work either.

That error indicates that Roundcube can't connect to the database. What database are you using and is it running on the server?