Re: testing, upgrade of openssl libssl1.1 ( 1.1.0f-3 => 1.1.0f-4 )
On 5 September 2017 at 19:15, Gene Heskett <gheskett@shentel.net> wrote:
> On Tuesday 05 September 2017 13:40:00 Michael Grant wrote:
>
>> I upgraded openssl today in my server running testing. It installed
>> version 1.1.0f-5. To my surprise, my mac clients can no longer send
>> and receive email!
>>
> As that is a security related upgrade, I would next push the Mac people
> to match it, or if possible, configure the Macs to use the more secure
> protocol.
Any clues how to configure the Mac to use the more secure protocol?
All the software is up-to-date on the Mac side. I don't see any
obvious option in any of the mail settings on the Mac side.
This is the error I see in the mail logs for both dovecot and sendmail:
dovecot:
TLS handshaking: SSL_accept() failed: error:1417D102:SSL
routines:tls_process_client_hello:unsupported protocol, session=<...>
sendmail:
STARTTLS=server: 0:error:1417D102:SSL
routines:tls_process_client_hello:unsupported
protocol:../ssl/statem/statem_srvr.c:974:
I realize this isn't a MacOS forum but the error message here is on
the Debian side. Other mail clients like Windows Mail connect fine.
Is there something I can set on Debian side to force this newer
openssl to accept older 1.x connections?
Reply to: