[Dovecot] [bug] ssl-params hangs when FIPS is enabled
Timo Sirainen
tss at iki.fi
Sat Nov 2 15:31:09 EET 2013
On 1.10.2013, at 21.14, Michal Hlavinka <mhlavink at redhat.com> wrote:
> we found a bug in ssl-params. It calls openssl DH generator for 512 and 1024 bits, but in FIPS mode, openssl won't generate anything for less than 1024, so it fails with:
> error:0506A06E:Diffie-Hellman routines:DH_BUILTIN_GENPARAMS:key size too small
>
> but when DH generator fails, ssl-params hangs forever in io_loop_run:
http://hg.dovecot.org/dovecot-2.2/rev/c472e0454ee3 should fix this.
More information about the dovecot
mailing list