On 2019-03-19 08:39:37 [+0900], Atsuhito Kohda wrote:
> Hi Sebastian,
Hi, Atsuhito
> On Mon, 18 Mar 2019 20:34:04 +0100, Sebastian Andrzej Siewior wrote:
>
> > I suggest to close this bug becuase I don't think it is an openssl bug
> > nor dovecot. The part about minimal key/cipher requirement is already
> > documented since 1.1.1-2 in NEWS.Debian.gz. The difference between a and
> > b release is simply that it now the return code is now set properly in
> > the error case (which cause dovecot to fail).
>
> I can understand the difference of return code might affect
> the behavior of dovecot. But under 1.1.1a dovecot works but
> not under 1.1.1b. It looks there is no error under 1.1.1a
> but there is under 1.1.1b. Are you sure that the problem is
> the difference of return code?
Yes. The problem was that setting a lower DH key was aborted but instead
of error the success code was returned. The github issue is
https://github.com/openssl/openssl/issues/7677
and dovecot was not the only package that suddenly failed while it
worked before with the smaller key.
> Thanks for your advice.
> Best regards, 2019-3-19(Tue)
Sebastian
