[Pkg-openssl-devel] Bug#838765: Bug#838765: openssl: Last upgrade broke TLS for Outlook under XP
Kurt Roeckx
kurt at roeckx.be
Sat Sep 24 15:26:30 UTC 2016
On Fri, Sep 23, 2016 at 12:57:13PM +0000, DaB. wrote:
> X.Y.Z.invalid[10.X.Y.Z]: TLS cipher list
> "aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
[...]
> Sep 23 11:26:42 hermes postfix/smtpd[30240]: warning: TLS library problem:
> error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher:s3_srvr.c:1440:
With those settings that's expected.
XP only supports RC4 and 3DES, and you should stop using them,
just like you should stop using XP.
We just moved 3DES from HIGH to MEDIUM because of the sweet32
attack. RC4 was already moved to MEDIUM in the past.
You have an "!MEDIUM" there that removes both of them, without
having a possiblity to readd them. The "+RC4" isn't even doing
anything. You probably want to remove that "!MEDIUM", since you
clearly need them.
Kurt
More information about the Pkg-openssl-devel
mailing list