Your message dated Sat, 26 Jan 2019 23:12:48 +0100
with message-id <75ef8e8b-57cb-967b-214b-63f3f0ccc...@bluegap.ch>
and subject line Re: Bug#912633: Solution
has caused the Debian Bug report #912633,
regarding courier-imap-ssl: No supported cipher suite with the recent switch to
TLS 1.3 in OpenSSL 1.1.1.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
912633: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912633
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: courier-imap-ssl
Version: 4.18.1+0.78.0-2
Severity: grave
Justification: renders package unusable
After upgrading to the current version of OpenSSL in testing (1.1.1-2), when
courier-imap-ssl is started
/var/log/mail.log fills with the following repeated many times:
mail imapd-ssl: No supported cipher suites have been found.
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.18.0-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages courier-imap-ssl depends on:
ii courier-imap 4.18.1+0.78.0-2+b2
courier-imap-ssl recommends no packages.
courier-imap-ssl suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Soren,
thanks for your report, that has been very helpful.
On 1/19/19 6:30 AM, Soren Stoutner wrote:
> Tightening down the permission access is a good idea, so I applaud
> Courier for no longer using root access for reading certificates. It
> would just have been helpful for the error message to point to a problem
> accessing the SSL certificate file instead of describing a problem with
> the cipher suites (which this isn't).
Testing this I figured that just above that line in the log
(/var/log/mail.log), courier reports pretty clear and helpful messages
regarding what's wrong with the pem file, e.g.: "No such file or
directory" or "Permission denied".
Kind Regards
Markus Wanner
--- End Message ---