On 04/26/2015 04:07 PM, Florian Pritz wrote:
Since there are three people involved I kindly ask you to be more specific as to who should provide which (exact) information.
Given you ask for it right after quoting my link all I can tell you is that I provide all the information you ask for (openssl version, crash message) in the link you quoted. Sorry if I was not clear. Ive read the link you provided and I have all the information I need for now.
Where (openssl, distro, dovecot version) did you try reproducing it? I've asked a friend using debian or centos (don't know which) and he was unable to reproduce so as always they might be patching something, it might not affect old software or they don't link with openssl. I tried Debain squeeze, CentOS6 and Ubuntu 1404.
Seems the issue might require a version of libopenssl, that does not have support for sslv3 compiled in. I have been made aware, that we have a fix for Dovecot in the works.
br, Teemu Huovila