Bug 1070761 - After upgrade of Tumbleweed to 20171129 dovecot shows Unknown protocol 'SSLv2'
After upgrade of Tumbleweed to 20171129 dovecot shows Unknown protocol 'SSLv2'
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other
Current
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Peter Varkoly
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-12-01 10:40 UTC by Freek de Kruijf
Modified: 2019-05-06 20:12 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Freek de Kruijf 2017-12-01 10:40:48 UTC
After upgrade of Tumbleweed to 20171129 dovecot shows the following messages:

eiktum:~ # journalctl -b -u dovecot
-- Logs begin at Fri 2017-12-01 11:14:54 CET, end at Fri 2017-12-01 11:29:40 CET. --
Dec 01 11:15:21 eiktum systemd[1]: Started Dovecot IMAP/POP3 email server.
Dec 01 11:15:22 eiktum dovecot[1651]: master: Dovecot v2.2.33.2 (d6601f4ec) starting up for imap
Dec 01 11:16:20 eiktum dovecot[1906]: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2'
Dec 01 11:16:20 eiktum dovecot[1651]: master: Error: service(imap-login): command startup failed, throttling for 2 secs
Dec 01 11:16:22 eiktum dovecot[1906]: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2'
Dec 01 11:16:22 eiktum dovecot[1651]: master: Error: service(imap-login): command startup failed, throttling for 4 secs
Dec 01 11:21:20 eiktum dovecot[1906]: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2'
Dec 01 11:21:20 eiktum dovecot[1651]: master: Error: service(imap-login): command startup failed, throttling for 8 secs
Dec 01 11:21:28 eiktum dovecot[1906]: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2'
Dec 01 11:21:28 eiktum dovecot[1651]: master: Error: service(imap-login): command startup failed, throttling for 16 secs
Dec 01 11:26:20 eiktum dovecot[1906]: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2'
Dec 01 11:26:20 eiktum dovecot[1651]: master: Error: service(imap-login): command startup failed, throttling for 32 secs
Dec 01 11:26:52 eiktum dovecot[1906]: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2'
Dec 01 11:26:52 eiktum dovecot[1651]: master: Error: service(imap-login): command startup failed, throttling for 60 secs
eiktum:~ # rpm -qa | grep openssl | sort
libopenssl1_0_0-1.0.2m-1.1.x86_64
libopenssl1_1_0-1.1.0g-2.1.x86_64
openssl-1.1.0g-1.1.noarch
openssl-1_1_0-1.1.0g-2.1.x86_64
eiktum:~ #

I changed, what I think is the default, the line "ssl_protocols = !SSLv2 !SSLv3" in "ssl_protocols = !SSLv3". This solved the problem.

Th bug is that the default should change. I assume it is caused by the upgrade of openssl.
Comment 1 James Carlson 2017-12-02 19:20:40 UTC
Original reporter's fix is correct.  openssl-1.1 dropped all support for SSLv2, so it doesn't even claim to recognize the keyword anymore.  The default ssl_protocols line just needs to be updated to remove any reference to SSLv2.
Comment 2 Arjen de Korte 2017-12-03 18:18:10 UTC
https://build.opensuse.org/request/show/547762
Comment 3 Freek de Kruijf 2018-01-25 12:23:18 UTC
Apparently solved.
Comment 4 Christian Boltz 2019-05-06 20:12:53 UTC
Leap 15.1 also suffers from this problem, see bug 1134242