After upgrading to libssl3 broke my dovecot setup with following error:
imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:25066067:DSO support routines:dlfcn_load:could not load the shared library: filename(libproviders.so): libproviders.so: cannot open shared object file: No such file or directory, error:25070067:DSO support routines:DSO_load:could not load the shared library, error:0E07506E:configuration file routines:module_load_dso:error loading dso: module=providers, path=providers, error:0E076071:configuration file routines:module_run:unknown module name: module=providers

Commenting out providers = provider_sect in /etc/ssl/openssl.cnf fixes the issue.
I guess this is closely related to the following debian bug: #918727

I can confirm this bug.

The fix Skibbi proposed enables my mailserver to receive e-mails again. But I cannot login via IMAP receiving the following errors:

# connecting from a laptop to the mail server:

Socket error: secure connect to example.org (1.2.3.4:143): error:1408F10B:SSL routines:ssl3_get_record:wrong version number

# mail server log
/var/log/mail.log:
May 20 13:22:59 mail dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:25066067:DSO support routines:dlfcn_load:could not load the shared library: filename(libproviders.so): libproviders.so: cannot open shared object file: No such file or directory, error:25070067:DSO support routines:DSO_load:could not load the shared library, error:0E07506E:configuration file routines:module_load_dso:error loading dso: module=providers, path=providers, error:0E076071:configuration file routines:module_run:unknown module name: module=providers: user=<>, rip=5.6.7.8, lip=1.2.3.4, session=<5vd2tm/faYY+1vxS>
May 20 13:22:59 mail dovecot: imap-login: Disconnected: TLS initialization failed. (no auth attempts in 0 secs): user=<>, rip=5.6.7.8, lip=1.2.3.4, session=<5vd2tm/faYY+1vxS>

Hello,

I think Ubuntu already did cherry-pick a fedora dovecot change for new openssl 3.0

https://patches.ubuntu.com/d/dovecot/dovecot_1:2.3.16+dfsg1-3ubuntu3.patch

Maybe it can fix this specific issue.

G.

Hi,

It's the same with mutt.
It's also the same from K9 mail and BlueMail from Android.
Fortunately, I can use roundcube webmail.

  providers = provider_sect

in /etc/openssl.cnf

See also https://github.com/nodejs/node/discussions/43184

Le 2022-05-23 13:08, Nye Liu a écrit :

It works!
Just one thing, the file is /etc/ssl/openssl.cnf

The proposed workarount in /etc/ssl/openssl.cnf indeed fixes the problem for me as well.

The recent dovecot upload contains this fix:

   dovecot (1:2.3.19+dfsg1-1) unstable; urgency=medium
     * [d223bbd] d/patches: add patch to support openssl 3.0 (Closes: #996273)

https://salsa.debian.org/debian/dovecot/-/commit/d223bbd1d0968ad2b46c4316c102c11bde8c5075

That's good news.  Does it mean one can remove the workaround (commenting out
"providers = provider_sect") ?

Regards,
-Steve

Am 06.06.22 um 15:50 schrieb Steven Robbins:


Hello Steven,
I guess just if you use the version from unstable.
As far as I see it will still take some time to migrate to testing.

Kind regards,
Bernhard

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1011051@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Wed, 08 Jun 2022 23:10:14 +0200
Source: openssl
Architecture: source
Version: 3.0.3-7
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Closes: 1011051
Changes:
 openssl (3.0.3-7) unstable; urgency=medium
 .
   * Remove the provider section from the provided openssl.cnf
    (Closes: #1011051).
Checksums-Sha1:
 b2bda295319fc0deb015df7212f817bb3f3f4682 2604 openssl_3.0.3-7.dsc
 df8399b7913cb108105854b4bec85b7571c6b869 125192 openssl_3.0.3-7.debian.tar.xz
Checksums-Sha256:
 7f2b40172ad768da358bd49ef16ee4aed04fb2ae7b4bcdf77745faf5c794f8de 2604 openssl_3.0.3-7.dsc
 0d369731d061ae435ad7d113895b11d48b36a798b34092cb6e95c391c6de8929 125192 openssl_3.0.3-7.debian.tar.xz
Files:
 61883e3aa88768df88b57428bdd4495a 2604 utils optional openssl_3.0.3-7.dsc
 9edbd0b6d14d72265e09e2633466ae7c 125192 utils optional openssl_3.0.3-7.debian.tar.xz
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZCVGlf/wqkRmzBnme5boFiqM9dEFAmKhEa4ACgkQe5boFiqM
9dEVEQ/6A+A5Rg+plsXQDX094mr8kPdZpfHcvrkqJx3YqNitvGPmQJS67g5hrxy/
ReB6TIRYVmCwoiUHnQ2CmjZL0BXcKYXPk55oqHkUUKshxiFKtopwbnrXLH2N7vST
WQni7+azsZ4wclk0mk51nrhQfCyfJcBuUircsVOnJ8sUbDLIMpARhK6fDK7EXVUM
EET3Wgbe0DtiG4wO0CKzh8FFEmY0G7mxTtseQqHOkkiZU2lipnl5GnL+tdu4SDcV
y+dMfd1dnE2nH87/uXWGuO52m3ziH46AG6ommFKRHhRQbmEDDqNkraHwqUmhwh4t
zVSd7ovLWleBScfWgqzBouDZgIMBQDvjhyCJESlpGgUxE1d7DVuuSuGmN9qcUrjB
TdQx3K8EjsagoT7ZFCFwTSEHMIwJGhgxaE0KJUbJhDNr78pYlzail1f7qw/TWPkf
gNXHc9dJ0JvBQiE+FWPM2+6hYn5Xi3RSFGenqrCRrBAF8bNTyKz8MRmTABB8MM7c
wyvHij7p2TcXi8mbA94B5XNpF/ThXnyJFrYoclsxsjq0G1Y1qhulvaKvao6E4gEt
N4lmH7EezHZtiCwfOc536BtKzGLGBpBT5IKNLhs/47gcXMZzVoZ3j6QTDGCRz3/A
orU4eR/xBwsyUf3komwdmi2/AxYLt2PTl+KCSiBb/3aTW8lUW8g=
=4yrZ
-----END PGP SIGNATURE-----