On 12/03/2024 22:54 EET steffan--- via dovecot <dovecot@dovecot.org> wrote:
I have an old CentOS 7 server using dovecot 2.2.36 and OpenSSL 1.0.2k-fips that’s been fine for quite some time. Recently I started getting complaints related to SNI.
I test with this: openssl s_client -connect mail.domain.com:993 -crlf -quiet
On macOS using OpenSSL LibreSSL 3.3.6 I test and get the default dovecot domain “SomeWrongDomain.com” which causes issues.
On Oracle Linux 9 using OpenSSL 3.0.7 I get the correct response for the domain “mail.domain.com”
What could cause this?
Thank you,
Steffan Cline
steffan@hldns.com
602-793-0014
One reason could be that Dovecot 2.3 does not support openssl3, and there is a broken patch flying around. We are close to releasing our next major release, which does include support for ossl3.
We can't really debug issues likely caused by a 3rd party patch.
Try with RHEL8 or compatible, we have packages for that as well.
Aki