The dovecot configuration needs to be adjusted: The option ssl_protocols has been replaced by the option ssl_min_protocol. In UCS 5.0 SSLv2 and SSLv3 were disabled by default. In UCS 5.2 by using the new option and therefore also a new UCR variable, the default for the minimum protocol has been raised to TLSv1.2.
We have to mention in the release notes that the UCR variable mail/dovecot/ssl/protocols was changed into mail/dovecot/ssl/min_protocol with changed default: -Default=!SSLv2 !SSLv3 +Default=TLSv1.2
ssl_min_protocol exists since dovecot 2.3: https://doc.dovecot.org/installation_guide/upgrading/from-2.2-to-2.3/ It shows the warning but still starts: doveconf: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:62: ssl_protocols has been replaced by ssl_min_protocol In UCS 5.0 we already have dovecot 2.3. There it shows already: doveconf: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:61: ssl_protocols has been replaced by ssl_min_protocol doveconf: Error: Could not find a minimum ssl_min_protocol setting from ssl_protocols = !SSLv2 !SSLv3: Unrecognized protocol 'SSLv2' → I will therfore cherry-pick the changes to UCS 5.1.
OK: config change OK: new default OK: new UCR variable is mentioned in release notes OK: changelog entry
(In reply to Florian Best from comment #2) > We have to mention in the release notes that the UCR variable > mail/dovecot/ssl/protocols was changed into mail/dovecot/ssl/min_protocol > with changed default: > -Default=!SSLv2 !SSLv3 > +Default=TLSv1.2 We should clearly state, that the TLS versions 1.0 and 1.1 are no longer supported with default settings as of UCS 5.2.
univention-mail-dovecot (7.0.3) 5e03eed3c5a2 | fix(dovecot): replace option ssl_protocols with ssl_min_protocol