[Dovecot] [bug] ssl-params hangs when FIPS is enabled

Timo Sirainen tss at iki.fi
Sat Nov 2 15:31:09 EET 2013


On 1.10.2013, at 21.14, Michal Hlavinka <mhlavink at redhat.com> wrote:

> we found a bug in ssl-params. It calls openssl DH generator for 512 and 1024 bits, but in FIPS mode, openssl won't generate anything for less than 1024, so it fails with:
> error:0506A06E:Diffie-Hellman routines:DH_BUILTIN_GENPARAMS:key size too small
> 
> but when DH generator fails, ssl-params hangs forever in io_loop_run:

http://hg.dovecot.org/dovecot-2.2/rev/c472e0454ee3 should fix this.




More information about the dovecot mailing list