[Dovecot] Dovecot broken with newer OpenSSL

Brad brad at comstyle.com
Thu Apr 23 06:53:05 EEST 2009


Brad wrote:
> On Sunday 19 April 2009 03:42:03 Brad wrote:
>> On Sunday 19 April 2009 00:47:20 Brad wrote:
>>> On Saturday 18 April 2009 16:31:10 Timo Sirainen wrote:
>>>> On Sat, 2009-04-18 at 22:26 +0200, Christian Rueger wrote:
>>>>> dovecot: imap-login: Disconnected (no auth attempts): rip=Y.Y.Y.Y,
>>>>> lip=X.X.X.X, TLS handshaking: SSL_accept() failed:
>>>>> error:0307F041:bignum routines:BNRAND:malloc failure
>>>> Oh. malloc() failed? See if increasing login_process_size helps (or set
>>>> it to 0 to disable the limit).
>>> I am not seeing the bit about SSL_accept() and setting login_process_size
>>> to 0 does not help.
>> Another thing I forgot to mention... I had someone else do some testing
>> with two 32-bit systems (i386) and he was not able to reproduce the issue.
>> I haven't had a chance to double check this but I will tomorrow. So this is
>> starting to look like it is specific to 64-bit systems. I am using amd64
>> here.
> 
> Even weirder I have found Windows systems running Thunderbird at least
> can establish a TLS session fine.
> 
> From another OpenBSD system..
> 
> $ openssl s_client -connect mail.comstyle.com:143 -starttls imap
> CONNECTED(00000004)
> depth=0 /C=CA/ST=Ontario/L=Toronto/O=ComStyle/OU=IMAP 
> server/CN=mail.comstyle.com/emailAddress=postmaster at comstyle.com
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 /C=CA/ST=Ontario/L=Toronto/O=ComStyle/OU=IMAP 
> server/CN=mail.comstyle.com/emailAddress=postmaster at comstyle.com
> verify return:1
> 20082:error:05066066:Diffie-Hellman routines:COMPUTE_KEY:invalid public 
> key:/usr/src/lib/libssl/src/crypto/dh/dh_key.c:216:
> 20082:error:14098005:SSL routines:SSL3_SEND_CLIENT_KEY_EXCHANGE:DH
> lib:/usr/src/lib/libssl/src/ssl/s3_clnt.c:2109:

The GNUTLS CLI client and NSS (Thunderbird - also tested on OpenBSD) seem
to be fine establishing a TLS session.

