[Dovecot] Dovecot broken with newer OpenSSL

[Brad]

On Sunday 19 April 2009 03:42:03 Brad wrote:
> On Sunday 19 April 2009 00:47:20 Brad wrote:
> > On Saturday 18 April 2009 16:31:10 Timo Sirainen wrote:
> > > On Sat, 2009-04-18 at 22:26 +0200, Christian Rueger wrote:
> > > > dovecot: imap-login: Disconnected (no auth attempts): rip=Y.Y.Y.Y,
> > > > lip=X.X.X.X, TLS handshaking: SSL_accept() failed:
> > > > error:0307F041:bignum routines:BNRAND:malloc failure
> > >
> > > Oh. malloc() failed? See if increasing login_process_size helps (or se
> > > it to 0 to disable the limit).
> >
> > I am not seeing the bit about SSL_accept() and setting login_process_size
> > to 0 does not help.
>
> Another thing I forgot to mention... I had someone else do some testing
> with two 32-bit systems (i386) and he was not able to reproduce the issue.
> I haven't had a chance to double check this but I will tomorrow. So this is
> starting to look like it is specific to 64-bit systems. I am using amd64
> here.

Even weirder I have found Windows systems running Thunderbird at least
can establish a TLS session fine.

From another OpenBSD system..

$ openssl s_client -connect mail.comstyle.com:143 -starttls imap
CONNECTED(00000004)
depth=0 /C=CA/ST=Ontario/L=Toronto/O=ComStyle/OU=IMAP 
server/CN=mail.comstyle.com/emailAddress=postmaster at comstyle.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CA/ST=Ontario/L=Toronto/O=ComStyle/OU=IMAP 
server/CN=mail.comstyle.com/emailAddress=postmaster at comstyle.com
verify return:1
20082:error:05066066:Diffie-Hellman routines:COMPUTE_KEY:invalid public 
key:/usr/src/lib/libssl/src/crypto/dh/dh_key.c:216:
20082:error:14098005:SSL routines:SSL3_SEND_CLIENT_KEY_EXCHANGE:DH 																																																						
lib:/usr/src/lib/libssl/src/ssl/s3_clnt.c:2109:

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.