1. Forum
  2. Usenet
  3. LINUX.GENTOO.USER

  • [gentoo-user] fetchmail: OpenSSL reported: error:0A00018A:SSL routines:

    From Walter Dnes@21:1/5 to All on Sat Oct 26 19:20:01 2024
    My personal domain inbound email is directed to COTSE.net. I pull
    with fetchmail. After yesterday's world update, fetchmail has been
    failing with the error message in the subject. I can still access my
    incoming email via webmail mode (BLEAGH!!!). I've set my gmail address
    to forward directly to my ISP inbox, avoiding this problem.

    It seems that the latest openssl has ratcheted up their "security
    level". After "asking Mr. Google", I tried the answer at... https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
    which doesn't work for me.

    I also tried reverting to the previous version of openssl. That
    failed because...

    * the latest "curl" requires the latest openssl

    * a whole bunch of apps in my "world" now require the latest "curl"

    I also tried...

    * USE="-ssl" emerge fetchmail # results in authorization failure

    * USE="weak-ssl-ciphers" emerge openssl # doesn't help

    Any ideas? Webmail sucks!

    --
    There are 2 types of people in this world
    1) Those who can extrapolate from incomplete data

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Walter Dnes@21:1/5 to Walter Dnes on Tue Oct 29 07:20:02 2024
    On Sat, Oct 26, 2024 at 01:14:17PM -0400, Walter Dnes wrote
    My personal domain inbound email is directed to COTSE.net. I pull
    with fetchmail. After yesterday's world update, fetchmail has been
    failing with the error message in the subject. I can still access my incoming email via webmail mode (BLEAGH!!!). I've set my gmail address
    to forward directly to my ISP inbox, avoiding this problem.

    *I'M BACK!* It may have been a co-incidence that I ran into the
    problem right after an @world update https://www.cotse.net/notices.html

    Oct 28 - During a recent deployment for some configuration changes, an incorrect version of a dovecot configuration file was deployed. This
    resulted in a weak Diffie-Hellmann parameter (1024 instead of 2048)
    to be used in our imaps and pops protocols, as well as some weaker
    ciphers to be available. We were notified by one of our subscribers
    and it has been corrected. We do not see evidence of any of our
    subscriber's email clients having selected a weaker cipher during
    this time, which could be an indication of a MITM attack on that
    subscriber. This did not affect webmail users.

    --
    There are 2 types of people in this world
    1) Those who can extrapolate from incomplete data

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)