[patch] TLS Handshake failures can crash imap-login

Teemu Huovila teemu.huovila at dovecot.fi
Sat Apr 25 18:36:25 UTC 2015


On 04/25/2015 11:55 AM, James wrote:
> On 24/04/2015 22:17, Hanno Böck wrote:
> 
> Hello,
> 
>> I tracked down a tricky bug in dovecot that can cause the imap-login
>> and pop3-login processes to crash on handshake failures.
>> This can be tested by disabling SSLv3 in the dovecot config
>> (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and
>> forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This
>> would cause a crash.
> 
> Thank you for your work on this.
> 
> 
>> I have seen that a bug that is probably rooted in this has been posted
>> here before regarding ssl3-disabled configs:
>> http://dovecot.org/pipermail/dovecot/2015-March/100188.html
> 
> I made that earlier report.  Here is another similar report:
> 
> http://dovecot.org/pipermail/dovecot/2015-April/100576.html

I was unable to reproduce this or the first report. Could you describe your environment in more detail? What version of openssl
do you have? What is the crash message you are seeing?

br,
Teemu Huovila

