From: Jan Kowalski (bakenekocock.li)
Date: Sun Dec 07 2014 - 11:02:23 CST
On , at
"Steffan A. Cline" <steffanhldns.com> wrote:
Have you resolved this problem yet?
I reproduce it when I connect via either imap or smtp from claws-mail
linked against gnutls 3.3.10-1 to a postfix server with dovecot sasl
In my case it is caused by my dovecot configuration, namely:
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = HIGH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL
According to :
> It seems that following poodle many sites incorrectly banned SSL 3.0
> record packet versions. Since gnutls uses an SSL 3.0 record to
> advertise TLS 1.2, they are effectively banning it even if it doesn't
> advertise SSL 3.0.
After removing SSLv3 from ssl_cipher_list the client connected
successfully. I'm not really sure though whether it is a proper
workaround or whether I am opening a possible attack vector; I will be
carrying out more tests next weekend. However, I don't think it's
necessary for gnutls to behave this way; NSS works fine in either
configuration.
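
Added example, not part of the original message: in an OpenSSL cipher string the SSLv3 keyword selects cipher suites by the protocol version that introduced them, so !SSLv3 in ssl_cipher_list removes suites, while the protocol itself is governed by ssl_protocols. The Python sketch below compares the posted cipher string with and without that token using the local OpenSSL through the ssl module; the function names are hypothetical and the exact suites listed depend on the OpenSSL build.

```python
import ssl

# Cipher strings from the message: as posted, and with the !SSLv3 token removed.
POSTED = "HIGH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL"
WITHOUT_SSLV3_TOKEN = "HIGH:!LOW:!SSLv2:!EXP:!aNULL"


def enabled_suites(cipher_string):
    """Return {suite name: protocol label} enabled by the local OpenSSL."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    # 'protocol' is the version label OpenSSL attaches to the suite,
    # not the protocol version a connection would negotiate.
    return {c["name"]: c["protocol"] for c in ctx.get_ciphers()}


def suites_dropped_by_sslv3_token():
    """Suites enabled without !SSLv3 but disabled by the posted string."""
    posted = enabled_suites(POSTED)
    relaxed = enabled_suites(WITHOUT_SSLV3_TOKEN)
    return {n: p for n, p in relaxed.items() if n not in posted}


if __name__ == "__main__":
    posted = enabled_suites(POSTED)
    dropped = suites_dropped_by_sslv3_token()
    print(f"{len(posted)} suites enabled by the posted string")
    print(f"{len(dropped)} suites removed only because of !SSLv3:")
    for name, label in sorted(dropped.items()):
        print(f"  {name:35s} {label}")
```
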