[Pkg-openssl-devel] Sendmail TLS-issue with libssl 1.1.1b-2 - unable to STARTTLS to some MTAs
Joerg Hinz
Hinz at Linux-Systeme.de
Tue May 21 15:50:41 BST 2019
Hi Kurt,
On 21.05.2019 16:10, Kurt Roeckx wrote:
> Please see /usr/share/doc/libssl1.1/NEWS.Debian.gz for more
> information.
Okay, so if I had read this and added
MinProtocol = None
CipherString = DEFAULT
to /etc/ssl/openssl.cnf everything would have been okay with those MTAs?
Good to know...!
> The remote host really should use a larger DH key. I suggest you
> try to contact them to fix their DH key.
Symantec is such a big company, I fear they don't take such a complaint
seriously... :-( (besides that I don't know how to get a technical contact
there...)
> I also think there is a bug in sendmail. It should retry without
> TLS in case TLS fails. sendmail should probably also override the
> defaults.
That is a point, indeed.
I also checked intensely for getting sendmail to fall back to non-TLS in
case TLS fails, but - I guess for good reasons - this seems not to be
possible.
Joerg
--
Jörg Hinz
Hinz at Linux-Systeme.de
+49 201 - 29 88 311
+49 172 - 7 222 333
Linux-Systeme GmbH
Langenberger Str. 179, 45277 Essen
www.linux-systeme.de
+49 201 - 29 88 30
http://www.xing.com/profile/Joerg_Hinz
Amtsgericht Essen, HRB 14729
Managing Director Jörg Hinz
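
Added example, not part of the original message or of the Debian package: a Python sketch that follows the openssl_conf -> ssl_conf -> system_default chain in openssl.cnf-style text and reports the protocol floor and the smallest DH key the MinProtocol and CipherString settings imply. The sample configuration text is constructed, the level-to-bits table is taken from OpenSSL's security-level documentation, and a CipherString without @SECLEVEL is assumed to mean level 1.

```python
import re

# Smallest DH/RSA/DSA key (bits) each OpenSSL security level accepts,
# per the SSL_CTX_set_security_level documentation.
MIN_KEY_BITS = {0: 0, 1: 1024, 2: 2048, 3: 3072, 4: 7680, 5: 15360}

def parse_cnf(text):
    """Parse openssl.cnf-style text into {section: {key: value}}."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def system_defaults(text):
    """Follow openssl_conf -> ssl_conf -> system_default and summarise it."""
    cnf = parse_cnf(text)
    name = cnf[""].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = cnf.get(name, {}).get(key)
    sect = cnf.get(name, {})
    cipher = sect.get("CipherString", "DEFAULT")
    match = re.search(r"@SECLEVEL=([0-5])", cipher)
    # Assumption: no @SECLEVEL means the upstream compile-time default, level 1.
    level = int(match.group(1)) if match else 1
    return {"min_protocol": sect.get("MinProtocol", "unset"),
            "seclevel": level, "min_dh_bits": MIN_KEY_BITS[level]}

# Constructed sample input: the section chain, then two variants of the
# system default section (hardened values vs. the two lines from the message).
CHAIN = """\
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
"""
HARDENED = CHAIN + "MinProtocol = TLSv1.2\nCipherString = DEFAULT@SECLEVEL=2\n"
RELAXED = CHAIN + "MinProtocol = None\nCipherString = DEFAULT\n"

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("relaxed", RELAXED)):
        print(label, system_defaults(text))
```

The relaxed variant accepts DH keys down to 1024 bits and removes the protocol floor for every application that reads the system-wide file, not only sendmail.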