Majic Projects
Majic Ansible Roles
Go to the previous open issue
Go to the previous issue (open or closed)
star_faded.png
Please log in to bookmark issues
icon_project.png Majic Ansible Roles / Closed Task MAR-196 Fix Dovecot ssl_protocols deprecation warnings
Go to the next issue (open or closed)
Go to the next open issue
There are no more issues in that direction.
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Task
  • Category
    Security
  • Targetted for
    8.0.0
  • Status
    Closed
  • Progress
  • Priority
    Normal
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    2 hours
  • Time spent
    1 hour
    Click here to see time logged against this issue
Issue details
  • Resolution
    RESOLVED
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Description

Up-to-date versions of Dovecot report warnings (in syslog) when using the ssl_protocols option. This option has been superseded by the ssl_min_protocol which simply defines the minimum allowed protocol instead of letting the user provide an explicit list.

It would be beneficial to get rid of these warnings and update the Dovecot configuration to not use the deprecated option.

Unfortunately, the new option has different semantics to the old one and the ssl_protocols option is also used for setting-up Postfix for SMTP.

On a positive side, Postfix does support specifying the list of protocols in the form of minimum allowed protocol as well, which could help avoid expanding the number of parameters for the role, so that may be the best way to go forward.

The following should be done:

  • Update the mail_server role.
    • Replace the mail_server_tls_protocols parameter with the mail_server_minimum_tls_protocol parameter.
    • New parameter should simply specify the minimum protocol version allowed, changing the semantics.
    • Update existing tests or write new ones as necessary.
  • Update role reference documentation.
  • Update usage instructions.
  • Update release notes.
Todos (0 / 0)
There are no comments