Package: dovecot
Version: 1:2.2.27-3
Severity: normal
Hi,
Not updating /etc/dovecot/conf.d/10-ssl.conf sometimes causes problem.
dovecot-core provides /etc/dovecot/conf.d/10-ssl.conf. In Jessie,
it says "#ssl_protocols = !SSLv2". And upgrading from Jessie to
Stretch, its file doesn't change. If user removed comment out and
use it in Jessie and upgraded to Stretch, then it causes problem
with negotiating with clients as below.
>> pop3-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2'
(Just wild guess, because libssl1.1.0 dropped SSLv2 support).
In debian/dovecot-core.postinst says
# Special handling for 10-ssl.conf.
# Copy the file if it does not exist, do nothing otherwise.
if [ "$conffile" = 'conf.d/10-ssl.conf' ]; then
if [ ! -f /etc/dovecot/$conffile ]; then
cp /usr/share/dovecot/$conffile /etc/dovecot/$conffile
chmod 0644 /etc/dovecot/$conffile
fi
# Unregister 10-ssl.conf from ucf if it's there.
ucfr --purge dovecot-core /etc/dovecot/$conffile
continue
fi
It was introduced in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773237
