Package: dovecot-core
Version: 1:2.2.27-3+deb9u2
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation? : Using Roundcube mail client. Unable to
login with SSLv2 disabled in dovecot conf file: 10-ssl.conf
This bug seems to be similar to this which says it has been fixed earlier:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844347
* What exactly did you do (or not do) that was effective (or
ineffective)? I had to re-enable SSLv2
with setting
ssl_protocl = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
did not work.
with setting
ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1
worked
* What was the outcome of this action? Had to enable SSLv2. But SSLv2 has
known vulnerability.
* What outcome did you expect instead? Would like to disable SSLv2 in
10-ssl.conf file
*** End of the template - remove these template lines ***
-- Package-specific info:
dovecot configuration
---------------------
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.6
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
protocols = " imap pop3"
ssl = no
userdb {
driver = passwd
}
-- System Information:
Debian Release: 9.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dovecot-core depends on:
ii adduser 3.115
ii init-system-helpers 1.48
ii libbz2-1.0 1.0.6-8.1
ii libc6 2.24-11+deb9u3
ii libexttextcat-2.0-0 3.4.4-2+b1
ii liblz4-1 0.0~r131-2+b1
ii liblzma5 5.2.2-1.2+b1
ii libpam-runtime 1.1.8-3.6
ii libpam0g 1.1.8-3.6
ii libssl1.1 1.1.0j-1~deb9u1
ii libstemmer0d 0+svn585-1+b2
ii libwrap0 7.6.q-26
ii lsb-base 9.20161125
ii openssl 1.1.0j-1~deb9u1
ii ucf 3.0036
ii zlib1g 1:1.2.8.dfsg-5
dovecot-core recommends no packages.
Versions of packages dovecot-core suggests:
pn dovecot-gssapi <none>
ii dovecot-imapd 1:2.2.27-3+deb9u2
pn dovecot-ldap <none>
pn dovecot-lmtpd <none>
pn dovecot-lucene <none>
pn dovecot-managesieved <none>
pn dovecot-mysql <none>
pn dovecot-pgsql <none>
ii dovecot-pop3d 1:2.2.27-3+deb9u2
pn dovecot-sieve <none>
pn dovecot-solr <none>
pn dovecot-sqlite <none>
ii ntp 1:4.2.8p10+dfsg-3+deb9u2
Versions of packages dovecot-core is related to:
ii dovecot-core [dovecot-common] 1:2.2.27-3+deb9u2
pn dovecot-dbg <none>
pn dovecot-dev <none>
pn dovecot-gssapi <none>
ii dovecot-imapd 1:2.2.27-3+deb9u2
pn dovecot-ldap <none>
pn dovecot-lmtpd <none>
pn dovecot-managesieved <none>
pn dovecot-mysql <none>
pn dovecot-pgsql <none>
ii dovecot-pop3d 1:2.2.27-3+deb9u2
pn dovecot-sieve <none>
pn dovecot-sqlite <none>
-- no debconf information
