KopanoCore start fail after Upgrade form UCS 4.2 to UCS 4.3

kopano
ucs-4-3

#1

Hallo Zusammen,

nach dem ich gestern das Upgrade auf UCS 4.3 durchgeführt habe startet Kopano Core nicht mehr mit der Fehlermeldung in /var/log/kopano/server.log:

Thu Mar 15 14:34:44 2018: [ notice] Starting kopano-server version 8.4.5.0 (pid 1412)
Thu Mar 15 14:34:45 2018: [warning] Config warning: Option 'sync_log_all_changes' is not used anymore.
Thu Mar 15 14:34:45 2018: [warning] Config warning: Option 'plugin_path' is not used anymore.
Thu Mar 15 14:34:45 2018: [warning] Config warning: Option 'thread_stacksize' is not used anymore.
Thu Mar 15 14:34:45 2018: [warning] Config warning: Option 'client_update_enabled' is not used anymore.
Thu Mar 15 14:34:45 2018: [warning] Config warning: Option 'client_update_path' is not used anymore.
Thu Mar 15 14:34:45 2018: [warning] Config warning: Option 'client_update_log_level' is not used anymore.
Thu Mar 15 14:34:45 2018: [warning] Config warning: Option 'client_update_log_path' is not used anymore.
Thu Mar 15 14:34:45 2018: [crit   ] Unknown protocol "SSLv2" in protos setting
Thu Mar 15 14:34:45 2018: [ notice] Server shutdown complete.

Hat jemand eine Idee, wie ich den kritischen Fehler: unknown protokoll SSLv2 beheben kann?

Danke!
BG
HBAU


#2

think you have it set in server.cfg - sslv2 should be disabled

rg
Christian


#3

came here to write the same

PS:the values from the screenshot look pretty much like the default values. Setting new value here should be done through the ucr. The following command sets the default value in ucr:

ucr set kopano/cfg/server/server_ssl_ciphers='ALL:!LOW:!SSLv2:!EXP:!aNULL'

#4

Hi Christian,

jep. That did it. Thanx.

#SSL protocols to use, set to ‘!SSLv2’ for ‘server_ssl_enable_v2 = no’
#Warning: the value “server_ssl_protocols” has been set via UCR variable “kopano/cfg/server/server_ssl_protocols”
#server_ssl_protocols = !SSLv2

But, why is this set through UCR variable?
I changed “kopano/cfg/server/server_ssl_protocols=!SSLv2” to “kopano/cfg/server/server_ssl_protocols=”


#5

I don’t think this setting was ever set by the integration itself. Did you migrate that system from Zarafa at some point?


#6

No.
I did a clean install back at UCS 4.1 and just followed the upgradepaths…
Annyway. It works now :slight_smile:


#7

This didn’t work for me:

root@intranet:~# ucr set kopano/cfg/server/server_ssl_ciphers=‘ALL:!LOW:!SSLv2:!EXP:!aNULL’
-bash: !LOW: event not found

What did work was:

ucr set kopano/cfg/server/server_ssl_protocols=

#8

Single quotes are important with that command. Did you try to execute it with double quotes? Instead of setting it empty you could also under it so it reverts back to its programmed default.


UCS Upgrade to 4.3 broke Kopano
#9

No, I used single quotes; see the lines form bash that I copied in my post. Is it still needed to do be set?


#10

Well it defines which ssl ciphers clients can use to connect to the server. If you allow known to be unsecure ciphers then an attacker can potentially snoop in on your traffic.


#11

Hi,

i have the same problem, as i originally upgraded from zarafa.
I have execute the statement, but i do still get in the log the same error:

I also checked all the ssl variables for kopano:


I was wondering about the last entry. If I set this as well to ALL:!LOW:!SSLv2:!EXP:!aNULL then i see exactly this string in the log. How do i have to set this?

Thank you very much for your help!

Kind Regards,

Tobias Lorentz


#12

you may have executed it, but the execution seems not to have been successful. Either delete the value from the gui browser or call ucr unset kopano/cfg/server/server_ssl_ciphers.


#13

Hi,

thank you very much. After deletion of kopano/cfg/server/server_ssl_ciphers and kopano/cfg/server/server_ssl_protocols it starts up again. I only see now the following error in the log:


Don’t know if this is somehow important…

Kind Regards,

Tobias Lorentz


#14

Ah, now I see it. The offending value is in kopano/cfg/server/server_ssl_protocols and not kopano/cfg/server/server_ssl_ciphers.

No, as long as you don’t want to create core dumps the message can be ignored. I also have the faint memory that we change this from an error to a warning recently.


#15

Thank you very much!


#16

Thnxs for the help :slight_smile:

With double quotes it returns the same error:

root@intranet:~# ucr set kopano/cfg/server/server_ssl_ciphers="ALL:!LOW:!SSLv2:!EXP:!aNULL"
-bash: !LOW: event not found

What do you mean with “Instead of setting it empty you could also under it”? What action/command do you mean?


#17

Hey,

I think that’s a typo; he probably meant “undef” or “unset” instead of “under”; as in: ucr unset kopano/cfg/server/server_ssl_protocols

mosu


#18

Indeed. Autocorrect on a mobile changed it from unset to the above. The ucr command was posted above already as well.


#19

Is there some relevance here in whether the Kopano install has been previously upgraded from Zarafa4UCS? This applies to my install.

Like sakgRtd2w, the only setting of “kopano/cfg/server/server_ssl_protocols” that allows my kopano_server service to start is blank.

ie: kopano/cfg/server/server_ssl_protocols=

Just wondering why setting it too ‘ALL:!LOW:!SSLv2:!EXP:!aNULL’ does not work in my instance ?