password protected ssl key seems unsupported after update to 2.3.4.1

admin at f-hamelin.fr admin at f-hamelin.fr
Sun Feb 24 21:30:59 EET 2019


Hi,

On a debian server after an update to dovecot to 2.3.4.1 imaps mail client stop working.
I’ve applied necessary migration for ssl_dh (cf https://wiki.dovecot.org/Upgrading/2.3 <https://wiki.dovecot.org/Upgrading/2.3> ) but that was not enough. The workaround I’ve setup was to remove password protection from the ssl_key file. All tests with ssl_key_password parameter failled (direct password, <path-file-with-password)

searching I’ve found a message reporting a problem with that parameter and Stephan said it was tracked internally as DOP-851

Hope this will help.

Regards,
Franck

debian updade from dovecot-core:amd64 (1:2.2.34-2~bpo9+1, 1:2.3.4.1-1~bpo9+1)

# dovecot -n
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-0.bpo.2-amd64 x86_64 Debian 9.8 xfs
…/…

The error message in the log prior to the workaround was : "dovecot: imap-login: Error: Failed to initialize SSL server context: Couldn't parse private SSL key: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt, error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error, error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error, error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib: user=<>, rip=192.168.0.254, lip=192.168.0.51, session=<thtmP6iCc9jAqAD+> »




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190224/6b259970/attachment.html>


More information about the dovecot mailing list