Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: dovecott imap stopped working after the last openssl update  (Read 3199 times)

Offline vayu

  • User
  • Posts: 228
Since it took me all morning to figure out how to get my email working again, FYI:
dovecot imap stopped working after the du with the openssl update of these packages:
Code: [Select]
openssl:amd64 (1.1.0h-4, 1.1.1~~pre9-1),
libssl-dev:amd64 (1.1.0h-4, 1.1.1~~pre9-1),
libssl-doc:amd64 (1.1.0h-4, 1.1.1~~pre9-1),
libssl1.1:amd64 (1.1.0h-4, 1.1.1~~pre9-1),
The error in my system logs was:
Code: [Select]
dovecot  imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:The solution was to make a new self signed certificate with a key length of 4096 (it might have worked with 2048 but I didn't experiment, the original 1024 I had was too small)
Code: [Select]
openssl genrsa -out dovecot.key 4096If there's interest I can outline the step by step process to create a self signed certificate.
« Last Edit: 2018/08/26, 19:00:53 by vayu »

Offline vayu

  • User
  • Posts: 228
Re: dovecott imap stopped working after the last openssl update
« Reply #1 on: 2018/08/26, 18:53:49 »
While I'm here I might as well list the steps.
Create a self signed SSL certificate for dovecot

Code: [Select]
# openssl genrsa -out dovecot.key 4096
Code: [Select]
# openssl req -new -key dovecot.key -out dovecot.csrThis will ask for information.
Some fields can be left blank by pressing enter, fill in the capital letters:
Country Name (2 letter code) [AU]:YOURCOUNTRYCODE
State or Province Name (full name) [Some-State]:YOURSTATE
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:YOURCOMPANY
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:YOURSERVERNAME
Email Address []:YOUREMAIL

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:YOURPASSWORD
An optional company name []:

Code: [Select]
# openssl x509 -req -days 365 -in dovecot.csr -signkey dovecot.key -out dovecot.crt
# cp dovecot.key /etc/ssl/private/
# cp dovecot.crt /etc/ssl/certs/

# cd /etc/ssl/private
# chown root:dovecot dovecot.key
# chmod 440 dovecot.key

# cd /etc/ssl/certs
# chown root:dovecot dovecot.crt
# chmod 440 dovecot.crt

In the dovecot configuration file:
ssl = yes
ssl_cert = </etc/ssl/certs/dovecot.crt
ssl_key = </etc/ssl/private/dovecot.key
ssl_key_password = YOURPASSWORD
ssl_verify_client_cert = no
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

Add dovecot user to ssl-cert group
Code: [Select]
# adduser dovecot ssl-cert

Offline hendrikL

  • Global Moderator
  • User
  • *****
  • Gravatar
  • Posts: 558
Re: dovecott imap stopped working after the last openssl update
« Reply #2 on: 2018/08/27, 18:11:54 »
Mh, i don't have dovecott , but maybe a downgrade of openssl to testing helps.

Offline Kan

  • User
  • Posts: 40
Re: dovecott imap stopped working after the last openssl update
« Reply #3 on: 2018/08/27, 19:43:41 »
Yes, openssl has a bug that is causing several applications to stop working, including issues with OpenVPN. I can't use my Enpass password application either as a result.