I just checked, and reportbug.debian.org is still offering an invalid certificate using STARTTLS on port 587 (submission): $ echo quit|openssl s_client -connect reportbug.debian.org:submission -starttls smtp -brief depth=0 C = NA, ST = NA, L = Ankh Morpork, O = Debian SMTP, OU = Debian SMTP CA, CN = buxtehude.debian.org, emailAddress = hostmaster@buxtehude.debian.org verify error:num=20:unable to get local issuer certificate depth=0 C = NA, ST = NA, L = Ankh Morpork, O = Debian SMTP, OU = Debian SMTP CA, CN = buxtehude.debian.org, emailAddress = hostmaster@buxtehude.debian.org verify error:num=21:unable to verify the first certificate CONNECTION ESTABLISHED Protocol version: TLSv1.2 Ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 Requested Signature Algorithms: RSA+SHA256:ECDSA+SHA256:RSA+SHA384:ECDSA+SHA384:RSA+SHA512:ECDSA+SHA512:RSA+SHA224:ECDSA+SHA224:RSA+SHA1:ECDSA+SHA1 Peer certificate: C = NA, ST = NA, L = Ankh Morpork, O = Debian SMTP, OU = Debian SMTP CA, CN = buxtehude.debian.org, emailAddress = hostmaster@buxtehude.debian.org Hash used: SHA256 Signature type: RSA Verification error: unable to verify the first certificate Supported Elliptic Curve Point Formats: uncompressed Server Temp Key: ECDH, P-256, 256 bits 250 HELP DONE -- Brian Minton brian at minton dot name http://brian.minton.name Live long, and prosper longer! OpenPGP fingerprint = 8213 71DD 4665 CF4F AE20 2206 0424 DC19 B678 A1A9
Attachment:
signature.asc
Description: PGP signature