On 24.06.2012 16:19, Timo Sirainen wrote:
On 24.6.2012, at 12.58, Christian Rößner wrote:
I have an interesting problem: I have been building dovecot packages for Ubuntu since 10.04. Never had bigger trouble with it. Now since 2.1.6 or 2.1.7 (I can not say more precisely), Thunderbird 10ESR and Outlook 2010 can no longer use 143/TLS correctly. Automx delivers 143/TLS and Outlook tells me that it can not create a secure connection. I changed automx to use 993/SSL and everything works. Under Thunderbird 10ESR, I get a box that tells me that I need to change settings. When I sent mail, TB told me that it could not copy the mail to the sent folder. I also changed to 993/SSL and everything is perfect.
At the other end, Apple's Mail.app and iOS devices work perfectly over 143/TLS. So my guess is that it has to do with OpenSSL. Did something change in dovecot concerning TLS? Can I change options in the build process?
What was the Dovecot version you were using previously which worked?
Hi Christian, I made it all the way through all versions of dovecot trunk 2.0.x and since 2.1.5 on lucid 64 with no problems at all, but I recently had big problems compiling other stuff on ubuntu 12.4 with openssl (didn't check dovecot yet), so my bet goes to the new ssl lib on 12.04. Also there were workarounds in postfix to reflect this ssl update stuff. As far as I remember, the ssl lib has some more and new features, which makes software that does not reflect this possibly not work or fail sometimes; it may be fixed with setup parameters,
i.e. see here
http://comments.gmane.org/gmane.mail.postfix.user/229196
--snip Viktor Dukhovni:
The OpenSSL API does not provide an interface to allow older programs to disable new protocol versions defined in later versions of the API.
Therefore, to disable TLS 1.1 or 1.2 one has to add code that uses the new constants introduced with OpenSSL 1.0.1.
Proposed patch attached.
That will be a solution for Postfix 2.10.
Meanwhile, for earlier Postfix releases, how much of the problem can be solved by changing from:
mumble_tls_mandatory_protocols = SSLv3, TLSv1
(i.e. the current default) to:
mumble_tls_mandatory_protocols = !SSLv2
I don't mind that the older Postfix versions would not be able to turn on/off protocols that didn't exist at the time Postfix was released.
Wietse
--snipend
I guess there are equal workaround settings possible in dovecot, perhaps with ssl_cipher_list?
http://wiki.dovecot.org/SSL/DovecotConfiguration
Sorry, a lot of speculation here as long as I have not tested it myself.
-- Best Regards MfG Robert Schetterer
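
The effect described in the quoted Postfix thread, as an added example that is not part of the original mail and is not Postfix, Dovecot or OpenSSL code: a small Python model comparing the two `mumble_tls_mandatory_protocols` values. It assumes the library enables every protocol it supports and that an application can only switch off protocols it has a constant for; the function names and protocol sets are constructed for illustration.

```python
import re

# Constructed model, not OpenSSL or Postfix code.
# Protocols a library at the OpenSSL 1.0.1 level can negotiate (all on by default).
LIB_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
# Assumption: an application written before 1.0.1 has "disable" constants only for these.
OLD_APP_KNOWS = {"SSLv2", "SSLv3", "TLSv1"}
# Assumption: an application updated for 1.0.1 knows all of them.
NEW_APP_KNOWS = set(LIB_PROTOCOLS)


def parse_protocols(setting):
    """Split 'SSLv3, TLSv1' or '!SSLv2' into (include, exclude) sets."""
    tokens = [t for t in re.split(r"[,\s]+", setting.strip()) if t]
    include = {t for t in tokens if not t.startswith("!")}
    exclude = {t[1:] for t in tokens if t.startswith("!")}
    return include, exclude


def intended(setting, lib=LIB_PROTOCOLS):
    """Protocols the administrator means to allow with this setting."""
    include, exclude = parse_protocols(setting)
    wanted = [p for p in lib if not include or p in include]
    return [p for p in wanted if p not in exclude]


def effective(setting, app_knows, lib=LIB_PROTOCOLS):
    """Protocols left enabled when the app can only disable those it knows."""
    include, exclude = parse_protocols(setting)
    to_disable = set(exclude)
    if include:
        # An inclusion list means "disable everything else", but the app can
        # only enumerate "everything else" from the protocols it knows about.
        to_disable |= app_knows - include
    return [p for p in lib if p not in (to_disable & app_knows)]


def unintended(setting, app_knows):
    """Protocols that stay enabled although the setting did not ask for them."""
    want = intended(setting)
    return [p for p in effective(setting, app_knows) if p not in want]


if __name__ == "__main__":
    for setting in ("SSLv3, TLSv1", "!SSLv2"):
        for label, knows in (("old app", OLD_APP_KNOWS), ("new app", NEW_APP_KNOWS)):
            print(f"{setting!r:16} {label}: enabled={effective(setting, knows)} "
                  f"unintended={unintended(setting, knows)}")
```

With the exclusion form the old application's effective protocol set matches what the setting says, whereas the inclusion form leaves the newer protocols on without the configuration showing it.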