imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
James
lista at xdrv.co.uk
Sat Mar 21 10:51:39 UTC 2015
On 21/03/2015 10:00, James wrote:
>>> the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do what I
>>> thought the ssl_protocols setting did.
>>> Do I still need, if I ever needed, the "ssl_protocols = " setting?
>>
>> All these ssl_* settings just go to OpenSSL without Dovecot (or I)
>> knowing all that much about them. I think you still need it, but maybe
>> it's because your ssl_cipher_list is so limited that it fails the
>> session anyway (just my guess).
I'd better add this PS, my openssl is compiled with "no-ssl3" which is
where the the SSL23 unsupported is coming from. I've remove the
"no-ssl3" from openssl indeed it accepts the connection, however, with
"ssl_protocols = !SSLv2 !SSLv3" in dovecot.conf imap-login still sig 11s.
James.
More information about the dovecot
mailing list