admin at f-hamelin.fr
2019-Feb-24 19:30 UTC
password protected ssl key seems unsupported after update to 2.3.4.1
Hi, On a debian server after an update to dovecot to 2.3.4.1 imaps mail client stop working. I?ve applied necessary migration for ssl_dh (cf https://wiki.dovecot.org/Upgrading/2.3 <https://wiki.dovecot.org/Upgrading/2.3> ) but that was not enough. The workaround I?ve setup was to remove password protection from the ssl_key file. All tests with ssl_key_password parameter failled (direct password, <path-file-with-password) searching I?ve found a message reporting a problem with that parameter and Stephan said it was tracked internally as DOP-851 Hope this will help. Regards, Franck debian updade from dovecot-core:amd64 (1:2.2.34-2~bpo9+1, 1:2.3.4.1-1~bpo9+1) # dovecot -n # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () # OS: Linux 4.19.0-0.bpo.2-amd64 x86_64 Debian 9.8 xfs ?/? The error message in the log prior to the workaround was : "dovecot: imap-login: Error: Failed to initialize SSL server context: Couldn't parse private SSL key: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt, error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error, error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error, error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib: user=<>, rip=192.168.0.254, lip=192.168.0.51, session=<thtmP6iCc9jAqAD+> ? -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190224/6b259970/attachment.html>
Aki Tuomi
2019-Feb-25 08:33 UTC
password protected ssl key seems unsupported after update to 2.3.4.1
It's in our backlog, but not fixed yet. Aki On 24.2.2019 21.30, admin--- via dovecot wrote:> Hi, > > On a debian server after an update to dovecot to 2.3.4.1 imaps mail > client stop working. > I?ve applied?necessary migration for ssl_dh > (cf?https://wiki.dovecot.org/Upgrading/2.3?) but that was not enough. > The workaround I?ve setup was to remove password protection from the > ssl_key file. All tests with?ssl_key_password parameter failled > (direct password, <path-file-with-password) > > searching I?ve found a message reporting a problem with that parameter > and Stephan said it was tracked internally as?DOP-851 > > Hope this will help. > > Regards, > Franck > > debian updade from dovecot-core:amd64 (1:2.2.34-2~bpo9+1, > 1:2.3.4.1-1~bpo9+1) > > # dovecot -n > # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.5.4 () > # OS: Linux 4.19.0-0.bpo.2-amd64 x86_64 Debian 9.8 xfs > ?/? > > The error message in the log prior to the workaround was : "dovecot: > imap-login: Error: Failed to initialize SSL server context: Couldn't > parse private SSL key: error:06065064:digital envelope > routines:EVP_DecryptFinal_ex:bad decrypt,?error:23077074:PKCS12 > routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error, > error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe > crypt error, error:0907B00D:PEM?routines:PEM_read_bio_PrivateKey:ASN1 > lib: user=<>, rip=192.168.0.254, lip=192.168.0.51, > session=<thtmP6iCc9jAqAD+>?? > > > >
admin at f-hamelin.fr
2019-Feb-25 09:07 UTC
password protected ssl key seems unsupported after update to 2.3.4.1
Thanks for that quick answer. Apart from this mailing list, is there a way to follow the work on a precise ticket? If not, by curiosity, what is the reason? Franck> Le 25 f?vr. 2019 ? 09:33, Aki Tuomi via dovecot <dovecot at dovecot.org> a ?crit : > > It's in our backlog, but not fixed yet. > > Aki > > On 24.2.2019 21.30, admin--- via dovecot wrote: >> Hi, >> >> On a debian server after an update to dovecot to 2.3.4.1 imaps mail >> client stop working. >> I?ve applied necessary migration for ssl_dh >> (cf https://wiki.dovecot.org/Upgrading/2.3 ) but that was not enough. >> The workaround I?ve setup was to remove password protection from the >> ssl_key file. All tests with ssl_key_password parameter failled >> (direct password, <path-file-with-password) >> >> searching I?ve found a message reporting a problem with that parameter >> and Stephan said it was tracked internally as DOP-851 >> >> Hope this will help. >> >> Regards, >> Franck >> >> debian updade from dovecot-core:amd64 (1:2.2.34-2~bpo9+1, >> 1:2.3.4.1-1~bpo9+1) >> >> # dovecot -n >> # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf >> # Pigeonhole version 0.5.4 () >> # OS: Linux 4.19.0-0.bpo.2-amd64 x86_64 Debian 9.8 xfs >> ?/? >> >> The error message in the log prior to the workaround was : "dovecot: >> imap-login: Error: Failed to initialize SSL server context: Couldn't >> parse private SSL key: error:06065064:digital envelope >> routines:EVP_DecryptFinal_ex:bad decrypt, error:23077074:PKCS12 >> routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error, >> error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe >> crypt error, error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 >> lib: user=<>, rip=192.168.0.254, lip=192.168.0.51, >> session=<thtmP6iCc9jAqAD+> ? >> >> >> >>
Maybe Matching Threads
- password protected ssl key seems unsupported after update to 2.3.4.1
- NSS on Debian Stretch with libnss3: Can not initialize SSL context
- Blowfish issues with somewhat big files
- Connecting to XML/SOAP feed that requires pkcs12 certificate for client authentication
- ssl_key_password loaded from file: 'Couldn't parse private ssl_key'