cyradm and TLS 1.2

ellie timoney ellie at fastmail.com
Tue Oct 15 19:04:58 EDT 2019


Thanks for reporting back. For whatever it's worth, the equivalent fix on 2.5+ uses "TLS_client_method()", not "TLSv1_2_client_method()". I'm not sure what difference it makes, but maybe it requires a newer OpenSSL than you have?

Here's the commit to master, fyi: https://github.com/cyrusimap/cyrus-imapd/commit/78f79ea53238c8596e2f8602b7b1e29a16863ae9

On Tue, Oct 15, 2019, at 7:43 AM, John Widera wrote:
> Turns out imclient (at least in the latest RHEL7 pkg) is hardcoded to use TLSv1. Since we're building binary RPMs from Source RPMs anyway, we modified imclient.c, rebuilt the RPMs, and reinstalled the cyrus-imapd-utils package. Here's the patch we used:

> *----------------------------------------------------*


> *--- imclient.c.orig 2012-12-01 13:57:54.000000000 -0600*
> *+++ imclient.c 2019-10-03 14:40:11.254566297 -0500*
> *@@ -1695,7 +1695,7 @@*
> *return -1;*
> *}*


> *- imclient->tls_ctx = SSL_CTX_new(TLSv1_client_method());*
> *+ imclient->tls_ctx = SSL_CTX_new(TLSv1_2_client_method());*
> *if (imclient->tls_ctx == NULL) {*
> *return -1;*
> *};*
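
Review bot: The added SSL_CTX_new(TLSv1_2_client_method()) line swaps one fixed protocol version for another, so the client will now negotiate TLS 1.2 and nothing else, and the same edit will be needed again when a server stops accepting 1.2 or accepts only something newer. Prefer the version-flexible method (TLS_client_method() on OpenSSL 1.1.0 and later, SSLv23_client_method() on older releases) and set a floor instead: SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION) where available, or SSL_CTX_set_options() with SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 on older releases. That keeps TLS 1.0 disabled while letting the handshake pick the highest version both sides support. A short comment above the call stating the intended minimum version would also help the next person who rebuilds this package.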

> -------------------------------------------

> Maybe this helps someone else.

> Regards,
