[Dovecot] Heartbleed openssl vulnerability?
Charles Marcus
CMarcus at Media-Brokers.com
Wed Apr 9 16:42:54 UTC 2014
On 4/9/2014 5:45 AM, Timo Sirainen <tss at iki.fi> wrote:
> By default Dovecot's login processes run in the "high security mode" where each IMAP/POP3 connection runs in its own process. This was done especially to avoid security bugs in OpenSSL from leaking users' passwords. So unless you have switched to the "high performance mode", users' passwords or other sensitive data couldn't have been leaked.http://wiki2.dovecot.org/LoginProcess
Hi Timo,
Hmmm... ours is set to high performance mode, but, I didn't set it up,
you did...
Now I'm wondering why you did this... ?
What are the ramifications of changing this on a production server? Any
possible problems/gotchas? user impact?
Thanks,
--
Best regards,
Charles
More information about the dovecot
mailing list