[Pkg-openssl-devel] Bug#924621: Bug#924621: openssl 1.1.1b-1 make fetchmail unusable

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Tue Mar 19 07:27:32 GMT 2019


On 2019-03-19 08:39:37 [+0900], Atsuhito Kohda wrote:
> Hi Sebastian,
Hi, Atsuhito

> On Mon, 18 Mar 2019 20:34:04 +0100, Sebastian Andrzej Siewior wrote:
> 
> > I suggest to close this bug becuase I don't think it is an openssl bug
> > nor dovecot. The part about minimal key/cipher requirement is already
> > documented since 1.1.1-2 in NEWS.Debian.gz. The difference between a and
> > b release is simply that it now the return code is now set properly in
> > the error case (which cause dovecot to fail).
> 
> I can understand the difference of return code might affect
> the behavior of dovecot.  But under 1.1.1a dovecot works but
> not under 1.1.1b.  It looks there is no error under 1.1.1a
> but there is under 1.1.1b.  Are you sure that the problem is
> the difference of return code?

Yes. The problem was that setting a lower DH key was aborted but instead
of error the success code was returned. The github issue is
	https://github.com/openssl/openssl/issues/7677

and dovecot was not the only package that suddenly failed while it
worked before with the smaller key.

> Thanks for your advice.
> Best regards,			2019-3-19(Tue)

Sebastian



More information about the Pkg-openssl-devel mailing list