search for: dtlsv1

...libssl.so.9 (0x28313000 > > No version info there? > I was kinda assuming you'd know which library it should link into. But.. $ strings /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 | grep OpenSSL OpenSSLDie SSLv3 part of OpenSSL 1.0.1t? 3 May 2016 TLSv1 part of OpenSSL 1.0.1t? 3 May 2016 DTLSv1 part of OpenSSL 1.0.1t? 3 May 2016 OpenSSL 1.0.1t? 3 May 2016 works at least for me. maybe this helps you? Aki

...ssl libssl.so.1.0.0 => /lib64/libssl.so.1.0.0 (0x00007f1428559000) I've put new libssl.so.1.0.0 in this location from /usr/openssl-1.0.2l-fpic/lib/ # strings /lib64/libssl.so.1.0.0|grep openssl -i SSLv3 part of OpenSSL 1.0.2l 25 May 2017 TLSv1 part of OpenSSL 1.0.2l 25 May 2017 DTLSv1 part of OpenSSL 1.0.2l 25 May 2017 looks good. and (obviously) restarted dovecot. Outside tester https://filippo.io/CVE-2016-2107 still says my imap on port 993 is vournable to CVE-2016-2107. Weird. I wish dovecot could print out version of openssl he is using on runtime (for example to maillog...

> On Oct 27, 2017, at 12:33 AM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > > On 27.10.2017 00:53, krzf83 at gmail.com wrote: >> I got multiple versions of openssl in my system. I compile dovecot with >> PKG_CONFIG_PATH=/usr/openssl-1.0.2l-fpic/lib/pkgconfig ./configure >> >> How do I check which version of openssl got compiled in? configure

>> You can check with ldd /usr/lib/dovecot/imap-login (or libexec) No, I cant because I'm compiling dovecot with openssl compiled as FPIC which means that its not getting dynamicly linked. When I try to compile against non-fpic openssl I just got /usr/openssl-1.0.2l/lib/libssl.a(s23_srvr.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object;

On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss at iki.fi> wrote: >> DEF(SET_STR, ssl_protocols), >> DEF(SET_STR, ssl_cert_username_field), >> DEF(SET_STR, ssl_crypto_device), >> + DEF(SET_STR, ssl_lowest_version), > >Does it really require a new setting? Couldn't it use the existing >ssl_protocols setting? You need to set a minimal version.