Date: Sat, 03 Mar 2018 11:43:38 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 226323] mail/dovecot: login crashes with libressl 2.6.4 because of "ssl_protocols = !SSLv2" default config
Message-ID: <bug-226323-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226323

Bug ID: 226323
Summary: mail/dovecot: login crashes with libressl 2.6.4 because of "ssl_protocols = !SSLv2" default config
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: adamw@FreeBSD.org
Reporter: m.bueker@berlin.de
Flags: maintainer-feedback?(adamw@FreeBSD.org)

After the 28.02.2018 update of dovecot, I saw errors in maillog and was unable to login:

Mar 1 09:21:21 server roundcube: IMAP Error: Login failed for XXX from XXX. Failed to send LOGIN command in /var/www/rc/program/lib/Roundcube/rcube_imap.php on line 196 (POST /?_task=mail&_action=refresh)
Mar 1 09:21:22 server dovecot: imap-login: Fatal: Unknown ssl_protocols setting: Unrecognized protocol 'SSLv2'
Mar 1 09:21:22 server dovecot: imap-login: Fatal: Unknown ssl_protocols setting: Unrecognized protocol 'SSLv2'
Mar 1 09:21:22 server dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs
Mar 1 09:21:30 server dovecot: imap-login: Fatal: Unknown ssl_protocols setting: Unrecognized protocol 'SSLv2'
Mar 1 09:21:30 server dovecot: master: Error: service(imap-login): command startup failed, throttling for 4 secs

I traced the problem to this report, which talks about the default config option "ssl_protocols = !SSLv2", which fails if SSL has dropped all support for SSLv2:

https://dovecot.org/list/dovecot/2016-November/106114.html

On my system, surprisingly, I found that "ssl_protocols = !SSLv2" is really in the default config:

# doveconf -d ssl_protocols
ssl_protocols = !SSLv2 !SSLv3

So I followed the workaround advice of overriding the default in 10-ssl.conf:

# doveconf ssl_protocols
ssl_protocols = !SSLv3

In conclusion, since LibreSSL 2.6.4 dropped all support for SSLv2, but dovecot includes "ssl_protocols = !SSLv2" as a default config option, these errors occur when logging in.

-- 
You are receiving this mail because:
You are the assignee for the bug.
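
The check behind the workaround in the report above, as an added example (not part of the bug report and not Dovecot code): given a line as printed by `doveconf ssl_protocols`, it lists protocol names the SSL library does not recognise and prints the override line without them. The function names and the `KNOWN_SAMPLE` list are assumptions made for illustration; supply the names your own build accepts.

```shell
#!/bin/sh
# Added example. Constructed sample: protocol names assumed to be recognised
# by the linked SSL library (SSLv2 is absent, as in the report).
KNOWN_SAMPLE='SSLv3 TLSv1 TLSv1.1 TLSv1.2'

# unrecognised_protocols "<ssl_protocols line>" "<recognised names>"
# Prints the protocol names in the line that are not in the recognised list.
# Returns 1 if there is at least one (login processes would fail to start).
unrecognised_protocols() {
    value=${1#*=}                 # drop the "ssl_protocols =" prefix
    bad=
    for tok in $value; do         # tokens are plain names, optionally "!name"
        name=${tok#"!"}           # "!SSLv2" and "SSLv2" name the same protocol
        case " $2 " in
            *" $name "*) ;;       # recognised, nothing to report
            *) bad="${bad:+$bad }$name" ;;
        esac
    done
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# override_line "<ssl_protocols line>" "<recognised names>"
# Prints the same setting with unrecognised tokens removed, for 10-ssl.conf.
# Returns 1 without output if nothing would remain.
override_line() {
    value=${1#*=}
    keep=
    for tok in $value; do
        name=${tok#"!"}
        case " $2 " in
            *" $name "*) keep="${keep:+$keep }$tok" ;;
        esac
    done
    if [ -z "$keep" ]; then
        echo 'no recognised protocol left; set ssl_protocols by hand' >&2
        return 1
    fi
    printf 'ssl_protocols = %s\n' "$keep"
}

# Typical use on a live system (not run here):
#   unrecognised_protocols "$(doveconf -d ssl_protocols)" "$KNOWN_SAMPLE"
```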