[Pkg-openssl-devel] Bug#871477: Bug#871477: upgrade of libssl1.1 to breaks dovecot imap via tls: kmail from debian stable/unstable cannot connect to dovecot any more

Wolfgang Walter wolfgang.walter at stwm.de
Tue Aug 8 13:53:35 UTC 2017


Am Dienstag, 8. August 2017, 15:13:23 schrieben Sie:
> reassign kmail 4:16.04.3-3
> thanks
> 
> On Tue, Aug 08, 2017 at 12:44:09PM +0200, Wolfgang Walter wrote:
> > Package: libssl1.1
> > Version: 1.1.0f-4
> > Severity: important
> > 
> > After upgrading a server to libssl1.1 1.1.0f-4 kmail on debian/stable could not connect to dovecot on debian/unstable any more (kmail on debian/unstable can't connect, either).
> > 
> > Dovecot logs "... tls_process_client_hello:version too low ..."
> > 
> > Probably this is due to "Disable TLS 1.0 and 1.1".
> > 
> > Please reactivate it. We would like to continue our policy to continously test debian/unstable and debian/testing on servers in our environment. 
> 
> I'm going to start with reassigning this to kmail. I believe all
> such issues should get fixed, and that they should get fixed in
> stable and maybe oldstable too.
> 

But this also exists in ubuntu and other systems.

I agree that it would be good to fix that in debian/stable and debian/oldstable anyway (if it is indeed a kmail problem). But disabling TLS 1.0 and 1.1 in openssl directly to find other (mostly remote, often other people's) systems is bad. It makes testing unstable much harder because you have to rebuild openssl yourself with TLS 1.0 and 1.1 reactivated.

Regards,
-- 
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts



More information about the Pkg-openssl-devel mailing list