Bug#913129: [Pkg-openssl-devel] Bug#913129: Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)
- To: Kurt Roeckx <kurt@roeckx.be>
- Cc: 913129@bugs.debian.org
- Subject: Bug#913129: [Pkg-openssl-devel] Bug#913129: Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)
- From: BERTRAND Joël <joel.bertrand@systella.fr>
- Date: Sat, 10 Nov 2018 23:34:41 +0100
- Message-id: <[🔎] 45500b1c-b789-a146-818f-1eb609b93b7b@systella.fr>
- Reply-to: BERTRAND Joël <joel.bertrand@systella.fr>, 913129@bugs.debian.org
- In-reply-to: <20181110194913.GE1797@roeckx.be>
- References: <154158610487.18472.15134435486672851383.reportbug@rayleigh.systella.fr> <20181107174720.GA15607@roeckx.be> <b9cdef4e-bd14-b034-bb18-87dc72f4be5b@systella.fr> <154158610487.18472.15134435486672851383.reportbug@rayleigh.systella.fr> <20181108173652.GA3584@roeckx.be> <20181110172909.GD1797@roeckx.be> <2c49bff1-f73c-c5cb-86a0-70707cd27c59@systella.fr> <20181110194913.GE1797@roeckx.be> <154158610487.18472.15134435486672851383.reportbug@rayleigh.systella.fr>
Kurt Roeckx a écrit :
> On Sat, Nov 10, 2018 at 08:17:19PM +0100, BERTRAND Joël wrote:
>> Kurt Roeckx a écrit :
>>> On Thu, Nov 08, 2018 at 06:36:52PM +0100, Kurt Roeckx wrote:
>>>> On Thu, Nov 08, 2018 at 06:10:29PM +0100, BERTRAND Joël wrote:
>>>>> Kurt Roeckx a écrit :
>>>>>> On Wed, Nov 07, 2018 at 11:21:44AM +0100, BERTRAND Joël wrote:
>>>>>>> Nov 7 09:17:31 rayleigh sm-mta[10148]: ruleset=try_tls, arg1=smtp-in.orange.fr, relay=smtp-in.orange.fr, reject=550 5.7.1 <xxx@orange.fr>... do not try TLS with smtp-in.orange.fr [80.12.242.9]
>>>>>>> Nov 7 09:17:31 rayleigh sm-mta[10148]: wA68PQwK006059: to=<xxx@orange.fr>, delay=23:52:05, xdelay=00:00:01, mailer=esmtp, pri=77460547, relay=smtp-in.orange.fr. [80.12.242.9], dsn=5.0.0, stat=Service unavailable
>>>>>>
>>>>>> That server only seems to support TLS 1.0.
>>>>>>
>>>>>> Have you read: /usr/share/doc/libssl1.1/NEWS.Debian.gz
>>>>>>
>>>>>> Anyway, I suggest you file a bug against sendmail to override the
>>>>>> defaults.
>>>>>
>>>>> I have read /usr/share/doc/libssl1.1/NEWS.Debian.gz and tested all
>>>>> workarounds without any success.
>>>>
>>>> And you restarted sendmail after changing /etc/ssl/openssl.cfg?
>>>
>>> Any update on this?
>>
>> Of course, I have updated /etc/ssl/openssl.cfg with suggestions in NEWS
>> file and restarted sendmail without success.
>
> All I can say is that if I change both values to the value from
> NEWS, I can connect to it, otherwise I can't.
I have changed _both_ values and I cannot connect to orange.fr or
hotmail.com with sendmail. If I use stable package, sendmail runs as
expected.
Reply to: