25 Apr
2015
25 Apr
'15
11:55 a.m.
On 24/04/2015 22:17, Hanno Böck wrote:
Hello,
I tracked down a tricky bug in dovecot that can cause the imap-login and pop3-login processes to crash on handshake failures. This can be tested by disabling SSLv3 in the dovecot config (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This would cause a crash.
Thank you for your work on this.
I have seen that a bug that is probably rootet in this has been posted here before regarding ssl3-disabled configs: http://dovecot.org/pipermail/dovecot/2015-March/100188.html
I made that earlier report. Here is another similar report:
http://dovecot.org/pipermail/dovecot/2015-April/100576.html
James.