imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??

Reindl Harald h.reindl at thelounge.net
Sat Mar 21 10:55:31 UTC 2015



Am 21.03.2015 um 11:51 schrieb James:
> On 21/03/2015 10:00, James wrote:
>
>>>> the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do what I
>>>> thought the ssl_protocols setting did.
>>>> Do I still need, if I ever needed, the "ssl_protocols = " setting?
>>>
>>> All these ssl_* settings just go to OpenSSL without Dovecot (or I)
>>> knowing all that much about them. I think you still need it, but maybe
>>> it's because your ssl_cipher_list is so limited that it fails the
>>> session anyway (just my guess).
>
> I'd better add this PS, my openssl is compiled with "no-ssl3" which is
> where the the SSL23 unsupported is coming from.  I've remove the
> "no-ssl3" from openssl indeed it accepts the connection, however, with
> "ssl_protocols = !SSLv2 !SSLv3" in dovecot.conf imap-login still sig 11s

well, remove that brickage of "special compile"



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150321/fe913ef0/attachment.sig>


More information about the dovecot mailing list