Issue with 5.6.7 B2399 #208
Comments
|
Thanks. I've now made a change so that if the cipher list cannot be set then a slightly more descriptive error message is logged and hMailServer will continue execution. The new version will be up later today (Swedish timezone). Unfortunately OpenSSL is not super helpful in disclosing what the actual error is in the cipher string. In your case, the reason is: The new version of OpenSSL has dropped support for some weak ciphers such as ECDHE_RSA_WITH_RC4_128_SHA. In your cipher list, you've configured hMailServer (and hence OpenSSL) to exclude this cipher. Since the new version of OpenSSL does not know about this cipher, it generates an error when parsing your cipher list. If you remove this exclusion from your cipher list, the cipher list will be valid. I will clarify this in the change log when I put up the new version. |
|
Fixed in 5.6.7 build 2405. |
Yesterday I installed hMailServer-5.6.7-B2399 over hMailServer-5.6.6-B2383, and just a little while ago I realized emails haven't been coming thru since the upgrade. I did a downgrade back to B2383 and emails are flowing again. Looking at the logs, I see the following as the only items between when I upgraded and when I downgraded:
In my server's Setting->Advanced->SSL/TLS I have
SSL/TLS ciphers:
AES256-GCM-SHA384:AES128-GCM-SHA256:!RC4-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:3DES:!LOW:MEDIUM:HIGH:!aNULL:!eNULL:!ADH:!CAMELLIA:!SEED:!MD5:!EXP:!DES:!IDEA:!ECDHE_RSA_WITH_RC4_128_SHA[checked] Verify remote server SSL/TLS certificates
[checked] SSL v3.0
[checked] SSL v1.0
[checked] SSL v1.1
[checked] SSL v1.2
I am guessing that the new SSL library is handling ciphers differently or it doesn't support the same set as before, but I could be wrong.
The text was updated successfully, but these errors were encountered: