[patch] TLS Handshake failures can crash imap-login
Teemu Huovila
teemu.huovila at dovecot.fi
Sun Apr 26 18:51:25 UTC 2015
On 04/26/2015 04:07 PM, Florian Pritz wrote:
> Since there are three people involved I kindly ask you to be more
> specific as to who should provide which (exact) information.
>
> Given you ask for it right after quoting my link all I can tell you is
> that I provide all the information you ask for (openssl version, crash
> message) in the link you quoted.
Sorry if I was not clear. Ive read the link you provided and I have all the information I need for now.
> Where (openssl, distro, dovecot version) did you try reproducing it?
> I've asked a friend using debian or centos (don't know which) and he was
> unable to reproduce so as always they might be patching something, it
> might not affect old software or they don't link with openssl.
I tried Debain squeeze, CentOS6 and Ubuntu 1404.
Seems the issue might require a version of libopenssl, that does not have support for sslv3 compiled in.
I have been made aware, that we have a fix for Dovecot in the works.
br,
Teemu Huovila
More information about the dovecot
mailing list