
Re: testing, upgrade of openssl libssl1.1 ( 1.1.0f-3 => 1.1.0f-4 )



Michael Grant <mgrant@grant.org> wrote:

> Is there something I can set on Debian side to force this newer
> openssl to accept older 1.x connections?

No, you can't.

Kurt Roeckx, the DD maintaining OpenSSL, patched it in such a way that a
program needs to call a special function of OpenSSL to override the
default minimum TLS-version of TLS1.2.

Problem is: next to no program implements this as of yet.

The Dovecot developers may introduce the needed change in some of the
coming versions; with sendmail I believe you will be out of luck.

First help: Grab an older OpenSSL version from snapshots.debian.org to
get going again.

My solution (other than complaining on the debian-devel mailing list) was
to recompile OpenSSL with the patch in question removed.

Of course in doing so I burdened myself with tracking any new release of
the OpenSSL packages and recompiling them until this situation has been
resolved in some other way.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.
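
Added example, not part of the message above and not code from Dovecot, sendmail or Debian: a sketch of how a daemon can expose the per-application override as an explicit setting, using Python's `ssl` module (built on OpenSSL) in place of a C daemon. The `min_protocol` option name, the function names and the warning text are hypothetical.

```python
import ssl

# Values an administrator may write for the hypothetical "min_protocol" option.
_PROTO_NAMES = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
# The library-wide default floor described in the message above.
LIBRARY_FLOOR = ssl.TLSVersion.TLSv1_2


def parse_min_protocol(value):
    """Map a config string to a TLSVersion; refuse anything unknown (e.g. SSLv3)."""
    try:
        return _PROTO_NAMES[value.strip()]
    except KeyError:
        raise ValueError(f"unsupported min_protocol value: {value!r}") from None


def downgrade_warnings(floor):
    """Return log lines for a floor below the library default, else an empty list."""
    if floor < LIBRARY_FLOOR:
        return [f"minimum TLS version lowered to {floor.name}; "
                "legacy clients can negotiate a deprecated protocol"]
    return []


def server_context(min_protocol="TLSv1.2"):
    """Build a server context whose protocol floor is set by the application.

    Without the explicit assignment below the context keeps whatever floor
    the library was built or configured with, which is why unmodified
    programs cannot accept older clients.
    """
    floor = parse_min_protocol(min_protocol)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = floor  # the explicit override the program must make
    return ctx, downgrade_warnings(floor)


if __name__ == "__main__":
    ctx, notes = server_context("TLSv1.2")
    print(ctx.minimum_version.name, notes)
```
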
