Bug#338006: [Pkg-openssl-devel] Bug#338006: Postfix problem still
there
Kurt Roeckx
kurt at roeckx.be
Sun Jan 22 20:55:16 UTC 2006
On Sun, Jan 22, 2006 at 09:23:13PM +0100, Martin Sebald wrote:
> Hello!
>
> > We believe that the bug you reported is fixed in the latest version of
> > openssl, which is due to be installed in the Debian FTP archive:
>
> Was this meant for me? Otherwise sorry for spamming around... ;-)
>
> I upgraded to openssl 0.9.8a-6 but the Postfix errors stayed.
It's the client that needs to upgrade to 0.9.8a-6. And did your
postfix get restarted? It's probably not a bad idea to restart
it manually to make sure it's running with the lastest version of
the library.
> I also got a mail from a nice guy named Yari about my Postfix problem:
>
> > As I had the same problem, the workaround I've found is the following: in
> > the main.cf configuration file add this directive for openssl:
>
> > smtpd_tls_cipherlist = SSLv2:-LOW:-EXPORT:RC4+RSA
>
> > in this way it works always, with TLS v1 and RC4 128 bit.
>
> > Best Regards
> > Yari Melzani
>
> Because I did not know what he wanted to say when talking about "TLS v1 and
> RC4 128 bit" (I need this to work with all TLS connections, not only some)
> I did not try it yet.
That will basicly reduce the encryption level and protocol in
such a way that the bug doesn't show up. I don't recommend this,
but it will probably work.
Kurt
More information about the Pkg-openssl-devel
mailing list