[Bug 226323] mail/dovecot: login crashes with libressl 2.6.4 because of "ssl_protocols = !SSLv2" default config
bugzilla-noreply at freebsd.org
Sat Mar 3 11:43:40 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226323
Bug ID: 226323
Summary: mail/dovecot: login crashes with libressl 2.6.4 because of "ssl_protocols = !SSLv2" default config
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: adamw at FreeBSD.org
Reporter: m.bueker at berlin.de
Flags: maintainer-feedback?(adamw at FreeBSD.org)
After the 28.02.2018 update of dovecot, I saw errors in maillog and was unable
to log in:

Mar 1 09:21:21 server roundcube: IMAP Error: Login failed for XXX from XXX. Failed to send LOGIN command in /var/www/rc/program/lib/Roundcube/rcube_imap.php on line 196 (POST /?_task=mail&_action=refresh)
Mar 1 09:21:22 server dovecot: imap-login: Fatal: Unknown ssl_protocols setting: Unrecognized protocol 'SSLv2'
Mar 1 09:21:22 server dovecot: imap-login: Fatal: Unknown ssl_protocols setting: Unrecognized protocol 'SSLv2'
Mar 1 09:21:22 server dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs
Mar 1 09:21:30 server dovecot: imap-login: Fatal: Unknown ssl_protocols setting: Unrecognized protocol 'SSLv2'
Mar 1 09:21:30 server dovecot: master: Error: service(imap-login): command startup failed, throttling for 4 secs

I traced the problem to this report, which talks about the default config
option "ssl_protocols = !SSLv2", which fails if SSL has dropped all support for
SSLv2: https://dovecot.org/list/dovecot/2016-November/106114.html

On my system, surprisingly, I found that "ssl_protocols = !SSLv2" is really in
the default config:

# doveconf -d ssl_protocols
ssl_protocols = !SSLv2 !SSLv3

So I followed the workaround advice of overriding the default in 10-ssl.conf:

# doveconf ssl_protocols
ssl_protocols = !SSLv3

In conclusion, since LibreSSL 2.6.4 dropped all support for SSLv2, but dovecot
includes "ssl_protocols = !SSLv2" as a default config option, these errors
occur when logging in.
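
The check below is an added example, not part of the original report and not dovecot code: it takes a line of doveconf output, finds protocol names the TLS library build does not recognise, and prints a candidate override. The function names and the list of recognised names (KNOWN_NO_SSLV2) are assumptions; the input line is the default shown in the report.

```shell
#!/bin/sh
# Added example: pre-flight check of dovecot's ssl_protocols value.
# Function names and the KNOWN list are assumptions, not dovecot code.

# Protocol names assumed to be recognised by a build without SSLv2
# (the situation the report describes for LibreSSL 2.6.4).
KNOWN_NO_SSLV2="SSLv3 TLSv1 TLSv1.1 TLSv1.2"

# Extract the value from one line of doveconf output,
# e.g. "ssl_protocols = !SSLv2 !SSLv3" -> "!SSLv2 !SSLv3".
setting_value() {
    printf '%s\n' "$1" | sed -n 's/^ssl_protocols[[:space:]]*=[[:space:]]*//p'
}

# Print every protocol name in $1 that is not in the known list $2.
# A leading "!" only negates the name, so it is stripped before lookup.
unknown_protocols() {
    out=""
    for tok in $1; do
        name=${tok#"!"}
        case " $2 " in
            *" $name "*) ;;
            *) out="${out:+$out }$name" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Print $1 with the unrecognised names dropped: a candidate override.
safe_override() {
    out=""
    for tok in $1; do
        name=${tok#"!"}
        case " $2 " in
            *" $name "*) out="${out:+$out }$tok" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Constructed input: the default line shown in the report.
default_line='ssl_protocols = !SSLv2 !SSLv3'
value=$(setting_value "$default_line")
bad=$(unknown_protocols "$value" "$KNOWN_NO_SSLV2")
if [ -n "$bad" ]; then
    echo "unrecognised in ssl_protocols: $bad"
    echo "candidate override: ssl_protocols = $(safe_override "$value" "$KNOWN_NO_SSLV2")"
fi
```

On a live system the line would come from `doveconf -d ssl_protocols` or `doveconf ssl_protocols`, the two commands shown in the report.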