[Pkg-openssl-devel] Bug#843603: Bug#843603: Bug#843603: openssl fails on sid version to handshake with tls_1.2 to postfix echos ssl_errors

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Fri Nov 11 19:43:09 UTC 2016


On 2016-11-11 19:21:26 [+0100], sternasky wrote:
> Hello,
Hi,

> after some analysis i found infos about php security changes after
> 5.6,7.0.12.2
> 
> Self Signed Certs like
> 
> SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
> SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
> 
> which are set to CN localhost are blocked by postfix from PHP Mailers
> like Roundcube.. Errors often are seen:
> 
> .. ssl cert not accepted or SSLv3 Error..

They might be blocked because PHP can't verify the cert chain. SSLv3 is
disabled in stable+ so this won't work. So far it does not look like a
openssl bug.
For localhost connections you could skip the SSL link.

> Thanks..
> www.linuxonlinehelp.de

Sebastian



More information about the Pkg-openssl-devel mailing list