13 Mar
2024
13 Mar
'24
11:30 a.m.
On 2024-03-12, steffan--- via dovecot <dovecot@dovecot.org> wrote:
I have an old CentOS 7 server using dovecot 2.2.36 and OpenSSL 1.0.2k-fips= that=92s been fine for quite some time. Recently I started getting complai= nts related to SNI.
I test with this: openssl s_client -connect mail.domain.com:993 -crlf -quie= t
On macOS using OpenSSL LibreSSL 3.3.6 I test and get the default dovecot do= main =93SomeWrongDomain.com=94 which causes issues.
On Oracle Linux 9 using OpenSSL 3.0.7 I get the correct response for the do= main =93mail.domain.com=94
That's not a valid test. openssl >=1.1.1 s_client uses SNI by default, with libressl or older openssl you need to use -servername.