fix: added tls1.0/1.1 patch for openssl when using older tls versions in override (#6105)

2025-12-13 18:06:01 +00:00 · 2024-10-15 10:32:08 +02:00
parent 220fdbb168
commit fda95301ba
3 changed files with 24 additions and 2 deletions
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -405,6 +405,17 @@ else
 	chown 401 /mail_crypt/ecprivkey.pem /mail_crypt/ecpubkey.pem
 fi
 # Fix OpenSSL 3.X TLS1.0, 1.1 support (https://community.mailcow.email/d/4062-hi-all/20)
 if grep -qE 'ssl_min_protocol\s*=\s*(TLSv1|TLSv1\.1)\s*$' /etc/dovecot/dovecot.conf /etc/dovecot/extra.conf; then
    sed -i '/\[openssl_init\]/a ssl_conf = ssl_configuration' /etc/ssl/openssl.cnf
    echo "[ssl_configuration]" >> /etc/ssl/openssl.cnf
    echo "system_default = tls_system_default" >> /etc/ssl/openssl.cnf
    echo "[tls_system_default]" >> /etc/ssl/openssl.cnf
    echo "MinProtocol = TLSv1" >> /etc/ssl/openssl.cnf
    echo "CipherString = DEFAULT@SECLEVEL=0" >> /etc/ssl/openssl.cnf
 fi
 # Compile sieve scripts
 sievec /var/vmail/sieve/global_sieve_before.sieve
 sievec /var/vmail/sieve/global_sieve_after.sieve
--- a/data/Dockerfiles/postfix/docker-entrypoint.sh
+++ b/data/Dockerfiles/postfix/docker-entrypoint.sh
@@ -12,4 +12,15 @@ if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
  cp /etc/syslog-ng/syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng.conf
 fi
 # Fix OpenSSL 3.X TLS1.0, 1.1 support (https://community.mailcow.email/d/4062-hi-all/20)
 if grep -qE '\!SSLv2|\!SSLv3|>=TLSv1(\.[0-1])?$' /opt/postfix/conf/main.cf /opt/postfix/conf/extra.cf; then
    sed -i '/\[openssl_init\]/a ssl_conf = ssl_configuration' /etc/ssl/openssl.cnf
    echo "[ssl_configuration]" >> /etc/ssl/openssl.cnf
    echo "system_default = tls_system_default" >> /etc/ssl/openssl.cnf
    echo "[tls_system_default]" >> /etc/ssl/openssl.cnf
    echo "MinProtocol = TLSv1" >> /etc/ssl/openssl.cnf
    echo "CipherString = DEFAULT@SECLEVEL=0" >> /etc/ssl/openssl.cnf
 fi  
 exec "$@"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -224,7 +224,7 @@ services:
            - sogo
    dovecot-mailcow:
-      image: mailcow/dovecot:2.1
+      image: mailcow/dovecot:2.2
      depends_on:
        - mysql-mailcow
        - netfilter-mailcow
@@ -308,7 +308,7 @@ services:
            - dovecot
    postfix-mailcow:
-      image: mailcow/postfix:1.76
+      image: mailcow/postfix:1.77
      depends_on:
        mysql-mailcow:
          condition: service_started