Majic Projects ~ [CLOSED] MAR-196 - Fix Dovecot ssl

Majic Projects

Majic Ansible Roles

Projects
Wiki
- Quick links
- Wiki
- Project wikis
- Conntrackt
- Django Pydenticon
- Gimmecert
- Majic Ansible Roles
- Pydenticon
- Scripts
- Global content

You are not logged in

Majic Ansible Roles / Closed Task MAR-196 Fix Dovecot ssl_protocols deprecation warnings

This issue has been closed with status "Closed" and resolution "RESOLVED".

- No additional actions available

Issue basics

Type of issue

Task Unknown issue type
Issue label

No label set
Category

Security Not determined
Targetted for

8.0.0 Not determined
Status

Closed

Status not determined
Progress
Priority

Normal Not determined

Affected by this issue (0)

There are no items

People involved

Posted by
branko (@branko)

Branko Majic
@branko

Last seen online at Apr 24, 2024 - 20:11

Show user details
Owned by

Not owned by anyone
Assigned to
branko (@branko)

Branko Majic
@branko

Last seen online at Apr 24, 2024 - 20:11

Show user details
Not assigned to anyone
Subscribers

0 subscriber(s)

Click here to show the list of subscribers

Times and dates

Posted at

Feb 08, 2024
Last updated

Feb 18, 2024
Estimated time

2 hours Not estimated
Time spent

1 hour No time spent

Click here to see time logged against this issue

Issue details

Resolution

RESOLVED Not determined
Reproducability

Not determined
Severity

Not determined

Attachments (0)

There is nothing attached to this issue

Child issues (0)

This issue does not have any child issues

Duplicate issues (0)

This issue does not have any duplicates

Show / hide more details »

Description

Up-to-date versions of Dovecot report warnings (in syslog) when using the ssl_protocols option. This option has been superseded by the ssl_min_protocol which simply defines the minimum allowed protocol instead of letting the user provide an explicit list.

It would be beneficial to get rid of these warnings and update the Dovecot configuration to not use the deprecated option.

Unfortunately, the new option has different semantics to the old one and the ssl_protocols option is also used for setting-up Postfix for SMTP.

On a positive side, Postfix does support specifying the list of protocols in the form of minimum allowed protocol as well, which could help avoid expanding the number of parameters for the role, so that may be the best way to go forward.

The following should be done:

Update the mail_server role.
- Replace the mail_server_tls_protocols parameter with the mail_server_minimum_tls_protocol parameter.
- New parameter should simply specify the minimum protocol version allowed, changing the semantics.
- Update existing tests or write new ones as necessary.
Update role reference documentation.
Update usage instructions.
Update release notes.

Todos (0 / 0)

Options

There are no comments

Welcome to The Bug Genie

Log in with your username and password