[patch] TLS Handshake failures can crash imap-login
James
lista at xdrv.co.uk
Sat Apr 25 08:55:50 UTC 2015
On 24/04/2015 22:17, Hanno Böck wrote:
Hello,
> I tracked down a tricky bug in dovecot that can cause the imap-login
> and pop3-login processes to crash on handshake failures.
> This can be tested by disabling SSLv3 in the dovecot config
> (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and
> forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This
> would cause a crash.
Thank you for your work on this.
> I have seen that a bug that is probably rootet in this has been posted
> here before regarding ssl3-disabled configs:
> http://dovecot.org/pipermail/dovecot/2015-March/100188.html
I made that earlier report. Here is another similar report:
http://dovecot.org/pipermail/dovecot/2015-April/100576.html
James.
More information about the dovecot
mailing list