On 04/25/2015 11:55 AM, James wrote:
On 24/04/2015 22:17, Hanno Böck wrote:
Hello,
I tracked down a tricky bug in dovecot that can cause the imap-login and pop3-login processes to crash on handshake failures. This can be tested by disabling SSLv3 in the dovecot config (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This would cause a crash.
Thank you for your work on this.
I have seen that a bug that is probably rootet in this has been posted here before regarding ssl3-disabled configs: http://dovecot.org/pipermail/dovecot/2015-March/100188.html
I made that earlier report. Here is another similar report:
http://dovecot.org/pipermail/dovecot/2015-April/100576.html I was unable to reproduce this nor the first report. Could you describe your environment in more detail? What version of openssl do you have? What is the crash message you are seeing?
br, Teemu Huovila