I do want to clarify that this fix does not solve an upgrade scenario. It will allow new installations to work with no problem. Dovecot stores a hashed form of the password. To perform an automated upgrade, we would need access to a clear form the password, which we do not have, so there is no automated upgrade path.
Once this patch has been accepted, the solution is to run dovecot in non-fips mode. If you require all users to enter a new password (which then uses the new longer salt), this upgrades that user's mailbox. Once all users to enter a new password and their mailboxes have been upgraded, then you can return to running dovecot in fips mode. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107773 Title: Enabling FIPS causes SALT to be 8 bytes, but OpenSSL 3.0.2 checks if SALT is < 16 bytes, breaking Dovecot and possibly other packages. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2107773/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
