Control: severity -1 important
Control: merge -1 850538

Hi,

On 15:38 Sat 01 Jul, Alexander Schier wrote:
> dovecot doesn't start after the upgrade, when you configured (more)
> secure TLS with the line
> 
> ssl_protocols = !SSLv2 !SSLv3
> 
> with the error message:
> dovecot: imap-login: Fatal: Invalid ssl_protocols setting: Unknown
> protocol 'SSLv2'
> 
> After removing !SSLv2 from the line (I assume, SSLv2 is now fully
> removed from dovecot) it starts without problems.
> 
> As this configuration is recommended in many "how to secure your
> mailserver" howtos, I think this will break for many people on upgrade,
> while ignoring a "!SSLv2" line when there is no such protocol should be
> safe.

Thanks for the report.

This has been reported a number of times. To be frank, it's not even a 
bug in dovecot, it's OpenSSL that has removed every notion of SSLv2 from 
its code; the cipher and protocol strings are just passed down to 
OpenSSL as they are.  There's not much we can do here (other than 
properly track 10-ssl.conf to be able to ship updated settings, which we 
do since 2.2.31-1).

I'm merging this bug with the others and keeping it open for reference.

Regards,
Apollon
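
A pre-upgrade check for the failure described in this thread, added here as an example; it is not part of the original message and is not dovecot or Debian code. The function name `lint_ssl_protocols` and the `SUPPORTED` set are assumptions made for illustration: the set lists protocol names assumed to remain recognised once SSLv2 is gone, and should be adjusted to the local build.

```python
import re

# Assumption: protocol names the upgraded stack still recognises. SSLv2 is
# absent, matching the error in the report; adjust for your own build.
SUPPORTED = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
SETTING = re.compile(r"^(\s*ssl_protocols\s*=\s*)(.*)$")


def lint_ssl_protocols(conf_text, supported=SUPPORTED):
    """Return (findings, corrected_text) for dovecot-style config text.

    findings: list of (line_number, unknown_token, suggested_line or None).
    """
    findings, out = [], []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        code = line.split("#", 1)[0]  # ignore comments
        match = SETTING.match(code)
        if not match:
            out.append(line)
            continue
        tokens = match.group(2).split()
        unknown = [t for t in tokens if t.lstrip("!") not in supported]
        kept = [t for t in tokens if t not in unknown]
        # Dropping a negated unknown protocol changes nothing: it cannot be
        # negotiated anyway. A positive unknown token, or an empty result,
        # needs a human decision, so no rewrite is suggested.
        safe = bool(kept) and all(t.startswith("!") for t in unknown)
        suggestion = match.group(1) + " ".join(kept) if unknown and safe else None
        for token in unknown:
            findings.append((number, token, suggestion))
        out.append(suggestion if suggestion is not None else line)
    return findings, "\n".join(out)


# Constructed sample: the setting from the report plus unrelated lines.
SAMPLE = """\
ssl = required
# ssl_protocols = !SSLv2
ssl_protocols = !SSLv2 !SSLv3
"""

if __name__ == "__main__":
    found, fixed = lint_ssl_protocols(SAMPLE)
    for number, token, suggestion in found:
        print(f"line {number}: unknown protocol {token!r}; suggest: {suggestion}")
    print(fixed)
```
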
