Re: testing, upgrade of openssl libssl1.1 ( 1.1.0f-3 => 1.1.0f-4 )
Michael Grant <email@example.com> wrote:
> Is there something I can set on Debian side to force this newer
> openssl to accept older 1.x connections?
No, you can't.
Kurt Roeckx, the DD maintaining OpenSSL, patched it in such a way that a
program needs to call a special function of OpenSSL to override the
default minimum TLS-version of TLS1.2.
Problem is: next to no program implements this as of yet.
The Dovecot developers may introduce the needed change in some of the
coming versions, with sendmail I believe you will be out of luck.
First help: Grab an older OpenSSL version from snapshots.debian.org to
get going again.
My solution (other than complaining on the debian-devel mailinglist) was
to recompile OpenSSL with the patch in question removed.
Of course in doing so I burdened myself with tracking any new release of
the OpenSSL packages and recompile them until this situation has been
resolved in some other way.
Sigmentation fault. Core dumped.