Página Principal Explorar Ajuda
Iniciar Sessão
mirrors
/
mailcow-dockerized
mirror de https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Ficheiros Problemas 0 Wiki
Ver Fonte

fix: added tls1.0/1.1 patch for openssl when using older tls versions in override (#6105)

Niklas Meyer há 10 meses atrás
pai
220fdbb168
commit
fda95301ba
3 ficheiros alterados com 24 adições e 2 exclusões
Visão Dividida Mostrar Estatísticas Diff
  1. 11 0
      data/Dockerfiles/dovecot/docker-entrypoint.sh
  2. 11 0
      data/Dockerfiles/postfix/docker-entrypoint.sh
  3. 2 2
      docker-compose.yml

+ 11 - 0
data/Dockerfiles/dovecot/docker-entrypoint.sh
Ver Ficheiro 

@@ -405,6 +405,17 @@ else
 
 	chown 401 /mail_crypt/ecprivkey.pem /mail_crypt/ecpubkey.pem
 
 fi
 
 
+# Fix OpenSSL 3.X TLS1.0, 1.1 support (https://community.mailcow.email/d/4062-hi-all/20)
 
+if grep -qE 'ssl_min_protocol\s*=\s*(TLSv1|TLSv1\.1)\s*$' /etc/dovecot/dovecot.conf /etc/dovecot/extra.conf; then
 
+    sed -i '/\[openssl_init\]/a ssl_conf = ssl_configuration' /etc/ssl/openssl.cnf
 
+
 
+    echo "[ssl_configuration]" >> /etc/ssl/openssl.cnf
 
+    echo "system_default = tls_system_default" >> /etc/ssl/openssl.cnf
 
+    echo "[tls_system_default]" >> /etc/ssl/openssl.cnf
 
+    echo "MinProtocol = TLSv1" >> /etc/ssl/openssl.cnf
 
+    echo "CipherString = DEFAULT@SECLEVEL=0" >> /etc/ssl/openssl.cnf
 
+fi
 
+
 
 # Compile sieve scripts
 
 sievec /var/vmail/sieve/global_sieve_before.sieve
 
 sievec /var/vmail/sieve/global_sieve_after.sieve

+ 11 - 0
data/Dockerfiles/postfix/docker-entrypoint.sh
Ver Ficheiro 

@@ -12,4 +12,15 @@ if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
 
   cp /etc/syslog-ng/syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng.conf
 
 fi
 
 
+# Fix OpenSSL 3.X TLS1.0, 1.1 support (https://community.mailcow.email/d/4062-hi-all/20)
 
+if grep -qE '\!SSLv2|\!SSLv3|>=TLSv1(\.[0-1])?$' /opt/postfix/conf/main.cf /opt/postfix/conf/extra.cf; then
 
+    sed -i '/\[openssl_init\]/a ssl_conf = ssl_configuration' /etc/ssl/openssl.cnf
 
+
 
+    echo "[ssl_configuration]" >> /etc/ssl/openssl.cnf
 
+    echo "system_default = tls_system_default" >> /etc/ssl/openssl.cnf
 
+    echo "[tls_system_default]" >> /etc/ssl/openssl.cnf
 
+    echo "MinProtocol = TLSv1" >> /etc/ssl/openssl.cnf
 
+    echo "CipherString = DEFAULT@SECLEVEL=0" >> /etc/ssl/openssl.cnf
 
+fi  
+
 
 exec "$@"

+ 2 - 2
docker-compose.yml
Ver Ficheiro 

@@ -224,7 +224,7 @@ services:
 
             - sogo
 
 
     dovecot-mailcow:
 
-      image: mailcow/dovecot:2.1
 
+      image: mailcow/dovecot:2.2
 
       depends_on:
 
         - mysql-mailcow
 
         - netfilter-mailcow
 
@@ -308,7 +308,7 @@ services:
 
             - dovecot
 
 
     postfix-mailcow:
 
-      image: mailcow/postfix:1.76
 
+      image: mailcow/postfix:1.77
 
       depends_on:
 
         mysql-mailcow:
 
           condition: service_started