On 20 Mar 2015, at 13:59, James <[email protected]> wrote: > > Connecting to dovecot with ssl3 causes imap-login to die: > > Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal: > master: service(imap-login): child 21918 killed with signal 11 (core dumped) > [last ip=127.0.0.1]
I can't reproduce it. I tried it with the same ssl_* settings you had. Can you get a gdb backtrace from the crash? It says "core dumped", so I guess there should be a core file somewhere. http://dovecot.org/bugreport.html has some more info on how to get it. > dovecot.conf had: > ssl_protocols = !SSLv2 !SSLv3 > > removing that line stops the core dump and syslog then shows: > > Mar 20 11:36:25 MAILHOST dovecot: [ID 583609 mail.info] imap-login: > Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, > rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: > error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol, > session=<eqr1ubYRWgB/AAAB> > > > > the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do what I thought > the ssl_protocols setting did. > Do I still need, if I ever needed, the "ssl_protocols = " setting? All these ssl_* settings just go to OpenSSL without Dovecot (or I) knowing all that much about them. I think you still need it, but maybe it's because your ssl_cipher_list is so limited that it fails the session anyway (just my guess).
