Bug#913129: [Pkg-openssl-devel] Bug#913129: Bug#913129: openssl: TLS error (error 403 4.7.0 TLS handshake failed in sendmail logs)

[BERTRAND Joël <joel.bertrand@systella.fr>]

Kurt Roeckx a écrit :
> On Sat, Nov 10, 2018 at 08:17:19PM +0100, BERTRAND Joël wrote:
>> Kurt Roeckx a écrit :
>>> On Thu, Nov 08, 2018 at 06:36:52PM +0100, Kurt Roeckx wrote:
>>>> On Thu, Nov 08, 2018 at 06:10:29PM +0100, BERTRAND Joël wrote:
>>>>> Kurt Roeckx a écrit :
>>>>>> On Wed, Nov 07, 2018 at 11:21:44AM +0100, BERTRAND Joël wrote:
>>>>>>> Nov  7 09:17:31 rayleigh sm-mta[10148]: ruleset=try_tls, arg1=smtp-in.orange.fr, relay=smtp-in.orange.fr, reject=550 5.7.1 <xxx@orange.fr>... do not try TLS with smtp-in.orange.fr [80.12.242.9]
>>>>>>> Nov  7 09:17:31 rayleigh sm-mta[10148]: wA68PQwK006059: to=<xxx@orange.fr>, delay=23:52:05, xdelay=00:00:01, mailer=esmtp, pri=77460547, relay=smtp-in.orange.fr. [80.12.242.9], dsn=5.0.0, stat=Service unavailable
>>>>>>
>>>>>> That server only seems to support TLS 1.0.
>>>>>>
>>>>>> Have you read: /usr/share/doc/libssl1.1/NEWS.Debian.gz
>>>>>>
>>>>>> Anyway, I suggest you file a bug against sendmail to override the
>>>>>> defaults.
>>>>>
>>>>> 	I have read /usr/share/doc/libssl1.1/NEWS.Debian.gz and tested all
>>>>> workarounds without any success.
>>>>
>>>> And you restarted sendmail after changing /etc/ssl/openssl.cfg?
>>>
>>> Any update on this?
>>
>> 	Of course, I have updated /etc/ssl/openssl.cfg with suggestions in NEWS
>> file and restarted sendmail without success.
> 
> All I can say is that if I change both values to the value from
> NEWS, I can connect to it, otherwise I can't.

	I have changed _both_ values and I cannot connect to orange.fr or
hotmail.com with sendmail. If I use stable package, sendmail runs as
expected.