password protected ssl key seems unsupported after update to 2.3.4.1

Aki Tuomi aki.tuomi at open-xchange.com
Mon Feb 25 10:33:55 EET 2019


It's in our backlog, but not fixed yet.

Aki

On 24.2.2019 21.30, admin--- via dovecot wrote:
> Hi,
>
> On a debian server after an update to dovecot to 2.3.4.1 imaps mail
> client stop working.
> I’ve applied necessary migration for ssl_dh
> (cf https://wiki.dovecot.org/Upgrading/2.3 ) but that was not enough.
> The workaround I’ve setup was to remove password protection from the
> ssl_key file. All tests with ssl_key_password parameter failled
> (direct password, <path-file-with-password)
>
> searching I’ve found a message reporting a problem with that parameter
> and Stephan said it was tracked internally as DOP-851
>
> Hope this will help.
>
> Regards,
> Franck
>
> debian updade from dovecot-core:amd64 (1:2.2.34-2~bpo9+1,
> 1:2.3.4.1-1~bpo9+1)
>
> # dovecot -n
> # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.4 ()
> # OS: Linux 4.19.0-0.bpo.2-amd64 x86_64 Debian 9.8 xfs
> …/…
>
> The error message in the log prior to the workaround was : "dovecot:
> imap-login: Error: Failed to initialize SSL server context: Couldn't
> parse private SSL key: error:06065064:digital envelope
> routines:EVP_DecryptFinal_ex:bad decrypt, error:23077074:PKCS12
> routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error,
> error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe
> crypt error, error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1
> lib: user=<>, rip=192.168.0.254, lip=192.168.0.51,
> session=<thtmP6iCc9jAqAD+> »
>
>
>
>


More information about the dovecot mailing list