similar to: imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??

On 20/03/2015 18:24, Timo Sirainen wrote: >> Connecting to dovecot with ssl3 causes imap-login to die: >> >> Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal: master: service(imap-login): child 21918 killed with signal 11 (core dumped) [last ip=127.0.0.1] > > I can't reproduce it. I tried it with the same ssl_* settings you had. Can you get a

On 20 Mar 2015, at 13:59, James <lista at xdrv.co.uk> wrote: > > Connecting to dovecot with ssl3 causes imap-login to die: > > Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal: master: service(imap-login): child 21918 killed with signal 11 (core dumped) [last ip=127.0.0.1] I can't reproduce it. I tried it with the same ssl_* settings you had. Can

On 21/03/2015 10:00, James wrote: >>> the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do what I >>> thought the ssl_protocols setting did. >>> Do I still need, if I ever needed, the "ssl_protocols = " setting? >> >> All these ssl_* settings just go to OpenSSL without Dovecot (or I) >> knowing all that much about them. I

Am 21.03.2015 um 11:51 schrieb James: > On 21/03/2015 10:00, James wrote: > >>>> the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do what I >>>> thought the ssl_protocols setting did. >>>> Do I still need, if I ever needed, the "ssl_protocols = " setting? >>> >>> All these ssl_* settings just go to OpenSSL

On 21/03/2015 10:55, Reindl Harald wrote: > > well, remove that brickage of "special compile" I'm sorry but I did not understand your comment.

Am 21.03.2015 um 12:02 schrieb James: > On 21/03/2015 10:55, Reindl Harald wrote: >> >> well, remove that brickage of "special compile" > > I'm sorry but I did not understand your comment why do you compile openssl that way? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size:

On 21/03/2015 11:07, Reindl Harald wrote: >>> well, remove that brickage of "special compile" >> >> I'm sorry but I did not understand your comment > > why do you compile openssl that way? What way? With or without ssl3? I've now done it both ways. Reading: https://wiki.openssl.org/index.php/Compilation_and_Installation no-ssl3 seems to be a

Am 21.03.2015 um 12:12 schrieb James: > On 21/03/2015 11:07, Reindl Harald wrote: > >>>> well, remove that brickage of "special compile" >>> >>> I'm sorry but I did not understand your comment >> >> why do you compile openssl that way? > > What way? With or without ssl3? I've now done it both ways. > > Reading: >

Cipher list which You post provide better compatibility or security than those which I currently have? On older software version these cipher list works well and not generate any errors when I run Internal PCI scan test from https://cloud.tenable.com for another server. But for new server with newer software during test I got errors in mail.err. 2017-04-27 10:00 GMT+02:00 Aki Tuomi <aki.tuomi

What kind of test are you running? Aki > On April 27, 2017 at 12:00 PM Poliman - Serwis <serwis at poliman.pl> wrote: > > > I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test > still gives errors: > Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown

Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list =

Thank You for answers. But: 1. How should be properly configured ssl_cipher_list? 2. Ok, removed !TLSv1 !TLSv1.1. 3. Strange thing with ssl_protocols and ssl_cipher_list, because on older server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two lines looks exactly this same and no errors in mail.err file and mailes works without any problem. 4. No, currently I don't use LMTP.

On 02/29/2016 05:33 AM, C. L. Martinez wrote: > More info in my ssl_error.log: > > Mon Feb 29 14:32:06 2016] [info] [client 10.64.118.59] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page > [Mon Feb 29 14:32:06 2016] [info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!? Well, that

Hello! dsync SSL still doesn't work for replication, so I've disabled it and tried to sync without. But I have a problem with temp directory. Is it possible to change path to temp folder? I don't want to set permissions but change temporary folder for replication. Thanks in advance. dovecot: doveadm: Error: safe_mkstemp(/tmp/dovecot.doveadm.) failed: Permission denied

Hi. I have in mail.err file lines like below: Nov 5 08:40:00 s1 dovecot: imap-login: Error: SSL: Stacked error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request Nov 5 08:40:00 s1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number Nov 5 08:40:05 s1 dovecot: pop3-login: Error: SSL: Stacked error:

Thank you. Can I do something with this? 2018-11-05 9:11 GMT+01:00 Aki Tuomi <aki.tuomi at open-xchange.com>: > > On 5.11.2018 10.05, Poliman - Serwis wrote: > > Hi. I have in mail.err file lines like below: > > Nov 5 08:40:00 s1 dovecot: imap-login: Error: SSL: Stacked error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request > > Nov 5 08:40:00 s1

I currently use Ubuntu 20.04 with Dovecot 2.3.7.2 and OpenSSL 1.1.1f. A few months ago there was an update to all these systems and since then I've had to talk W7 and old Mac clients through disabling ports 993/995 with TLS enabled back to ports 143/110 without SSL or they could not pick up email. Thunderbird users (ie; me) were unaffected. Could anyone share a set of port 993/995 SSL

I performed a quick test and it seems that the "ssl_protocols" setting is per-IP only and shared among all listeners defined for that address. As you want this setting to be active for one specific "inet_listener" only (with port 10995 in your case), dovecot would have to permit the "ssl_protocols" directive in that scope, which it doesn?t. As a workaround I suggest

Hi all, I have a question regarding the "ssl_protocols" parameter. I understand that editing the 10-ssl.conf file I can set the ssl_protocols variable as required. At the same time, I can edit a single protocol file (eg: 20-pop3.conf) to set the ssl_protocols for a specific protocol/listener. I wander if (and how) I can create a different listener for another POP3 instance, for

On 16/7/20 5:54 am, Benny Pedersen wrote: >>> FWIW I meant if the client is Windows7/old-Outlook then changing >>> either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the >>> mail. > > windows 7 just need tls 1.0, why its need to disabled all, is as well > beyong me, do not disable tls 1.0 in dovecot aslong one have windows > 7 clients Would anyone