Reindl Harald
2015-Mar-21 10:55 UTC
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
Am 21.03.2015 um 11:51 schrieb James:> On 21/03/2015 10:00, James wrote: > >>>> the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do what I >>>> thought the ssl_protocols setting did. >>>> Do I still need, if I ever needed, the "ssl_protocols = " setting? >>> >>> All these ssl_* settings just go to OpenSSL without Dovecot (or I) >>> knowing all that much about them. I think you still need it, but maybe >>> it's because your ssl_cipher_list is so limited that it fails the >>> session anyway (just my guess). > > I'd better add this PS, my openssl is compiled with "no-ssl3" which is > where the the SSL23 unsupported is coming from. I've remove the > "no-ssl3" from openssl indeed it accepts the connection, however, with > "ssl_protocols = !SSLv2 !SSLv3" in dovecot.conf imap-login still sig 11swell, remove that brickage of "special compile" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20150321/fe913ef0/attachment.sig>
James
2015-Mar-21 11:02 UTC
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
On 21/03/2015 10:55, Reindl Harald wrote:> > well, remove that brickage of "special compile"I'm sorry but I did not understand your comment.
Reindl Harald
2015-Mar-21 11:07 UTC
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
Am 21.03.2015 um 12:02 schrieb James:> On 21/03/2015 10:55, Reindl Harald wrote: >> >> well, remove that brickage of "special compile" > > I'm sorry but I did not understand your commentwhy do you compile openssl that way? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20150321/70641369/attachment.sig>
Possibly Parallel Threads
- imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
- imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
- imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
- imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
- imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??