search for: openssl_min_protocol_to_opt

...itself does work fine, so it's not the config or ssl library, and 1.3-only works fine with Postfix. The problem is only in disabling TLS 1.2 for Dovecot. On connection, I'm getting an error that 1.3 is an "Unknown ssl_min_protocol setting". Reading the source code, it seems that `openssl_min_protocol_to_options` in `src/lib-ssl-iostream/iostream-openssl-common.c` is simply missing an entry like { SSL_TXT_TLSV1_3, TLS1_3_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 } Is this a bug, something intentional, or has it simply not been added yet because nobody has been...

..._protocol=TLSv1.3 in my dovecot config. This produced the error: imap-login: Error: Failed to initialize SSL server context: Unknown ssl_min_protocol setting 'TLSv1.3' After some digging, I found the function that parses this setting in src/lib-ssl-iostream/iostream-openssl-common.c (openssl_min_protocol_to_options()), which maps strings such as SSL_TXT_TLSV1_2 == "TLSv1.2" (from openssl/ssl.h) to the appropriate version and option defines of OpenSSL. Said openssl/ssl.h does not contain a SSL_TXT_TLSV1_3, so it?s no surprise that dovecot does not know this setting. As a quick fix, I could prob...

...#39;s not the config or > ssl library, and 1.3-only works fine with Postfix. The problem is only > in disabling TLS 1.2 for Dovecot. > On connection, I'm getting an error that 1.3 is an "Unknown > ssl_min_protocol setting". > Reading the source code, it seems that > `openssl_min_protocol_to_options` in > `src/lib-ssl-iostream/iostream-openssl-common.c` is simply missing an > entry like > > { SSL_TXT_TLSV1_3, TLS1_3_VERSION, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | > SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 } > > Is this a bug, something intentional, or has it simply not been...

...This > produced the error: > > imap-login: Error: Failed to initialize SSL server context: Unknown > ssl_min_protocol setting 'TLSv1.3' > > After some digging, I found the function that parses this setting in > src/lib-ssl-iostream/iostream-openssl-common.c > (openssl_min_protocol_to_options()), which maps strings such as > SSL_TXT_TLSV1_2 == "TLSv1.2" (from openssl/ssl.h) to the appropriate > version and option defines of OpenSSL. > > Said openssl/ssl.h does not contain a SSL_TXT_TLSV1_3, so it?s no > surprise that dovecot does not know this setting. As...