password protected ssl key seems unsupported after update to 2.3.4.1
Hi,
On a Debian server, after an update of Dovecot to 2.3.4.1, IMAPS mail clients stopped working. I’ve applied the necessary migration for ssl_dh (cf. https://wiki.dovecot.org/Upgrading/2.3) but that was not enough. The workaround I’ve set up was to remove password protection from the ssl_key file. All tests with the ssl_key_password parameter failed (direct password, <path-file-with-password).
Searching, I’ve found a message reporting a problem with that parameter, and Stephan said it was tracked internally as DOP-851.
Hope this will help.
Regards, Franck
Debian update from dovecot-core:amd64 (1:2.2.34-2~bpo9+1, 1:2.3.4.1-1~bpo9+1)
# dovecot -n
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-0.bpo.2-amd64 x86_64 Debian 9.8 xfs
…/…
The error message in the log prior to the workaround was: "dovecot: imap-login: Error: Failed to initialize SSL server context: Couldn't parse private SSL key: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt, error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error, error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error, error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib: user=<>, rip=192.168.0.254, lip=192.168.0.51, session=<thtmP6iCc9jAqAD+>"
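An added example, not from the thread or the Dovecot project: a shell check that confirms, outside Dovecot, whether a passphrase really decrypts the key file (separating a wrong passphrase from the ssl_key_password problem reported above) and, if the passphrase is removed as in the workaround, writes the plaintext key with owner-only permissions. It assumes the OpenSSL command-line tool is installed; the function names and file arguments are illustrative.

```shell
#!/bin/sh
# Added example: helper names and file arguments are hypothetical.

# key_state FILE: print "encrypted", "plaintext" or "unknown" from the PEM header.
key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# passphrase_ok KEYFILE PASSFILE: exit 0 if the first line of PASSFILE decrypts
# KEYFILE. Also exits 0 for a key that is not encrypted at all.
passphrase_ok() {
    openssl pkey -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# strip_passphrase KEYFILE PASSFILE OUTFILE: write a decrypted copy of the key.
# umask 077 makes the new file owner-only from the moment it is created.
strip_passphrase() {
    ( umask 077 && openssl pkey -in "$1" -passin "file:$2" -out "$3" )
}

# key_mode_ok FILE: exit 0 only if group and others have no access bits.
key_mode_ok() {
    case "$(ls -ld -- "$1")" in
        ????------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Usage: sh keycheck.sh KEYFILE PASSFILE
if [ "$#" -eq 2 ]; then
    echo "key state: $(key_state "$1")"
    if passphrase_ok "$1" "$2"; then echo "passphrase decrypts the key"
    else echo "passphrase does NOT decrypt the key"; fi
    if key_mode_ok "$1"; then echo "file mode: owner-only"
    else echo "file mode: readable by group or others"; fi
fi
```

If the passphrase decrypts the key here but the server still logs "bad decrypt", the passphrase itself is not the cause.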
It's in our backlog, but not fixed yet.
Aki
On 24.2.2019 21.30, admin--- via dovecot wrote:
Hi,
On a Debian server, after an update of Dovecot to 2.3.4.1, IMAPS mail clients stopped working. I’ve applied the necessary migration for ssl_dh (cf. https://wiki.dovecot.org/Upgrading/2.3) but that was not enough. The workaround I’ve set up was to remove password protection from the ssl_key file. All tests with the ssl_key_password parameter failed (direct password, <path-file-with-password).
Searching, I’ve found a message reporting a problem with that parameter, and Stephan said it was tracked internally as DOP-851.
Hope this will help.
Regards, Franck
Debian update from dovecot-core:amd64 (1:2.2.34-2~bpo9+1, 1:2.3.4.1-1~bpo9+1)
# dovecot -n
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-0.bpo.2-amd64 x86_64 Debian 9.8 xfs
…/…
The error message in the log prior to the workaround was: "dovecot: imap-login: Error: Failed to initialize SSL server context: Couldn't parse private SSL key: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt, error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error, error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error, error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib: user=<>, rip=192.168.0.254, lip=192.168.0.51, session=<thtmP6iCc9jAqAD+>"
Thanks for that quick answer. Apart from this mailing list, is there a way to follow the work on a precise ticket? If not, out of curiosity, what is the reason?
Franck
On 25 Feb 2019, at 09:33, Aki Tuomi via dovecot <dovecot@dovecot.org> wrote:
It's in our backlog, but not fixed yet.
Aki
participants (2)
- admin@f-hamelin.fr
- Aki Tuomi