<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Thanks! You have the more correct fix:<br>
<br>
From:
<a class="moz-txt-link-freetext" href="https://www.openssl.org/docs/man1.1.0/man3/TLSv1_client_method.html">https://www.openssl.org/docs/man1.1.0/man3/TLSv1_client_method.html</a><br>
<br>
"TLS_method(), TLS_server_method(), TLS_client_method()<br>
These are the general-purpose version-flexible SSL/TLS methods. The
actual protocol version used will be negotiated to the highest
version mutually supported by the client and the server. The
supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
Applications should use these methods, and avoid the
version-specific methods described below."<br>
<br>
Thanks,<br>
John<br>
<br>
<br>
<div class="moz-cite-prefix">On 10/15/2019 6:04 PM, ellie timoney
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:4eed8a30-25d1-4be7-a6b3-bc625b33fefe@www.fastmail.com">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<p>**********************<br>
CAUTION: EXTERNAL MAIL<br>
**********************</p>
<title></title>
<style type="text/css">p.MsoNormal,p.MsoNoSpacing{margin:0}</style>
<div>Thanks for reporting back. For whatever its worth, the
equivalent fix on 2.5+ uses "TLS_client_method()", not
"TLSv1_2_client_method()". I'm not sure what difference it
makes, but maybe it requires a newer OpenSSL than you have?<br>
</div>
<div><br>
</div>
<div>Here's the commit to master, fyi: <a
href="https://github.com/cyrusimap/cyrus-imapd/commit/78f79ea53238c8596e2f8602b7b1e29a16863ae9"
moz-do-not-send="true">https://github.com/cyrusimap/cyrus-imapd/commit/78f79ea53238c8596e2f8602b7b1e29a16863ae9</a><br>
</div>
<div><br>
</div>
<div>On Tue, Oct 15, 2019, at 7:43 AM, John Widera wrote:<br>
</div>
<blockquote type="cite" id="qt">
<p>Turns out imclient (at least in the latest RHEL7 pkg) is
hardcoded to use TLSv1. Since we're building binary RPMs from
Source RPMs anyway we modified imclient.c, rebuilt the RPMs,
reinstalled the cyrus-imapd-utils package: Here's the patch
we used:<br>
</p>
<p><span style="font-size:9pt" class="size"><b>----------------------------------------------------</b></span><br>
</p>
<div><span style="font-size:9pt" class="size"><b>---
imclient.c.orig 2012-12-01 13:57:54.000000000 -0600</b></span><br>
</div>
<div><span style="font-size:9pt" class="size"><b>+++ imclient.c
2019-10-03 14:40:11.254566297 -0500</b></span><br>
</div>
<div><span style="font-size:9pt" class="size"><b>@@ -1695,7
+1695,7 @@</b></span><br>
</div>
<div><span style="font-size:9pt" class="size"><b>return -1;</b></span><br>
</div>
<div><span style="font-size:9pt" class="size"><b>}</b></span><br>
</div>
<div><span style="font-size:9pt" class="size"><b>-
imclient->tls_ctx = SSL_CTX_new(TLSv1_client_method());</b></span><br>
</div>
<div><span style="font-size:9pt" class="size"><b>+
imclient->tls_ctx =
SSL_CTX_new(TLSv1_2_client_method());</b></span><br>
</div>
<div><span style="font-size:9pt" class="size"><b>if
(imclient->tls_ctx == NULL) {</b></span><br>
</div>
<div><span style="font-size:9pt" class="size"><b>return -1;</b></span><br>
</div>
<div><span style="font-size:9pt" class="size"><b>};</b></span><br>
</div>
<p>-------------------------------------------<br>
</p>
<p>Maybe this helps someone else.<br>
</p>
<p>Regards,<br>
</p>
</blockquote>
<div><br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">----
Cyrus Home Page: <a class="moz-txt-link-freetext" href="http://www.cyrusimap.org/">http://www.cyrusimap.org/</a>
List Archives/Info: <a class="moz-txt-link-freetext" href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a>
To Unsubscribe:
<a class="moz-txt-link-freetext" href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a></pre>
</blockquote>
<br>
</body>
</html>