[Pkg-openssl-devel] Bug#924621: Bug#924621: openssl 1.1.1b-1 make fetchmail unusable

[Kurt Roeckx]

On Sat, Mar 16, 2019 at 09:06:06AM +0900, Atsuhito Kohda wrote:
> Hi Sebastian,
> 
> On Fri, 15 Mar 2019 22:08:13 +0100, Sebastian Andrzej Siewior wrote:
> 
> > Do you have somewhere more information what failed on the fetchmail
> > side? 
> 
> Yes, I have error messages of fetchmail but they contains
> some Japanese characters. (I added simple translations of
> them but not precise translations.)
> 
> fetchmail: System error during SSL_connect(): 接続が相手からリセットされました
> fetchmail: SSL による接続に失敗しました。
> fetchmail: socketエラーが **server name** よりメールを受信している最中に発生しました。
> fetchmail: Query status=2 (SOCKET)
> 
> line #1:connection is reset by server
> line #2:connection by SSL is failed
> line #3:during receiving mail from **server name**, a socket error occured
> 
> > Is the server using by any chance a small DH key?
> 
> Not sure but on the server dovecot (of Debian package) is running.

So from what I understand, the problem is really on the dovecot
side. What does dovecot's log show?

Dovecot can configure DH, which seems to default to:
ssl_dh = </usr/share/dovecot/dh.pem

That file should be fine, it's 4096 bit.


Kurt