PGNet Dev
2020-Oct-01 15:29 UTC
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
hi,

On 10/1/20 12:21 AM, JEAN-PAUL CHAPALAIN wrote:
> I had the same problem when migrating from Dovecot V2.2.36 on, Centos-7 to Dovecot v2.3.8 on Centos-8

My report is specifically/solely about the addition/use of the

    Options = ServerPreference

parameter.

I don't see that in your configuration.

Are you using it? In a config using Dovecot's submission proxy?
JEAN-PAUL CHAPALAIN
2020-Oct-01 15:52 UTC
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
Hi,

In my Centos-8 server, it was not necessary to use the "Options ServerPreference" parameter.

My openssl.conf looks like this:

    openssl_conf = default_modules
    [ default_modules ]
    ssl_conf = ssl_module
    [ ssl_module ]
    system_default = crypto_policy
    [ crypto_policy ]
    .include /etc/crypto-policies/back-ends/opensslcnf.config

And /etc/crypto-policies/back-ends/opensslcnf.config:

    CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
    Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
    MinProtocol = TLSv1.1
    MaxProtocol = TLSv1.3

Regards

--
Jean-Paul Chapalain - Arkea - DEXT/IAAS
1 rue Louis Lichou - Le Relecq-Kerhuon - 29808 Brest Cedex 9, FRANCE
+33298002873 (int:302873)
Pgpkey=9f7a25a76f7e036a2c07fcb16eccd41c015d5fca
JEAN-PAUL CHAPALAIN
2020-Oct-01 15:58 UTC
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
Hi,

In my case, it's the value for MinProtocol that was wrong: must be TLSv1.1

Regards
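Added example, not part of any poster's message and not Dovecot or OpenSSL code: a small Python check that follows the openssl_conf -> ssl_conf -> system_default chain from the configuration quoted above, through the .include, and reports the MinProtocol and Options values that land in the system default section. The file contents are constructed from the thread (cipher list shortened), the file name key "openssl.cnf" and all function names are hypothetical, the parser covers only the subset of the syntax shown, and the TLSv1.2 floor is an assumed local policy.

```python
import re

# Constructed sample files mirroring the layout quoted in the thread (not read from disk).
FILES = {
    "openssl.cnf": (
        "openssl_conf = default_modules\n[ default_modules ]\nssl_conf = ssl_module\n"
        "[ ssl_module ]\nsystem_default = crypto_policy\n[ crypto_policy ]\n"
        ".include /etc/crypto-policies/back-ends/opensslcnf.config\n"
    ),
    "/etc/crypto-policies/back-ends/opensslcnf.config": (
        "CipherString = @SECLEVEL=2:kEECDH:kRSA\nMinProtocol = TLSv1.1\nMaxProtocol = TLSv1.3\n"
    ),
}
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def parse(path, files, sections=None, current="default"):
    """Read [section] headers, name = value pairs and .include lines (simplified subset)."""
    sections = {} if sections is None else sections
    sections.setdefault(current, {})
    for raw in files[path].splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif line.startswith(".include"):
            # Included lines are merged into the section that is open at this point.
            parse(line[len(".include"):].lstrip(" =").strip(), files, sections, current)
        elif "=" in line:
            name, value = line.split("=", 1)
            sections[current][name.strip()] = value.strip()
    return sections

def system_default(sections):
    """Follow openssl_conf -> ssl_conf -> system_default to the section of SSL defaults."""
    modules = sections[sections["default"]["openssl_conf"]]
    ssl_module = sections[modules["ssl_conf"]]
    return sections[ssl_module["system_default"]]

def audit(settings, floor="TLSv1.2"):
    """Return findings for the two settings discussed in the thread."""
    findings = []
    minimum = settings.get("MinProtocol")
    if minimum not in ORDER:
        findings.append(f"MinProtocol missing or unrecognised: {minimum!r}")
    elif ORDER.index(minimum) < ORDER.index(floor):
        findings.append(f"MinProtocol {minimum} is below {floor}")
    if "Options" in settings:
        findings.append(f"Options = {settings['Options']} is set in system_default")
    return findings

if __name__ == "__main__":
    print(audit(system_default(parse("openssl.cnf", FILES))))
```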
PGNet Dev
2020-Oct-01 16:00 UTC
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
On 10/1/20 8:52 AM, JEAN-PAUL CHAPALAIN wrote:
> In my Centos-8 server, it was not necessary using "Options = ServerPreference" parameter.

sry, then i'm unclear re: the point you're trying to make.

this issue is ONLY about the problem re: THAT parameter's use, not re: general SSL error messages/causes.