[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: testing, upgrade of openssl libssl1.1 ( 1.1.0f-3 => 1.1.0f-4 )

On 5 September 2017 at 20:29, Michael Grant <mgrant@grant.org> wrote:
> On 5 September 2017 at 19:15, Gene Heskett <gheskett@shentel.net> wrote:
>> On Tuesday 05 September 2017 13:40:00 Michael Grant wrote:
>>> I upgraded openssl today in my server running testing.  It installed
>>> version 1.1.0f-5.  To my surprise, my mac clients can no longer send
>>> and receive email!
>> As that is a security related upgrade, I would next push the Mac people
>> to match it, or if possible, configure the Macs to use the more secure
>> protocol.
> Any clues how to configure the Mac to use the more secure protocol?
> All the software is up-to-date on the Mac side.  I don't see any
> obvious option in any of the mail settings on the Mac side.
> This is the error I see in the mail logs for both dovecot and sendmail:
> dovecot:
> TLS handshaking: SSL_accept() failed: error:1417D102:SSL
> routines:tls_process_client_hello:unsupported protocol, session=<...>
> sendmail:
> STARTTLS=server: 0:error:1417D102:SSL
> routines:tls_process_client_hello:unsupported
> protocol:../ssl/statem/statem_srvr.c:974:
> I realize this isn't a MacOS forum but the error message here is on
> the Debian side.  Other mail clients like Windows Mail connect fine.
> Is there something I can set on Debian side to force this newer
> openssl to accept older 1.x connections?

I could not find any option I could set in the dovecot.conf or the
sendmail.mc file to make libssl accept tls 1.1.  I managed to revert
back libssl to get back to a working situation until the client's get

I downloaded libssl1.1_1.1.0f-3_amd64.deb

and did:

dpkg -i libssl1.1_1.1.0f-3_amd64.deb

restarted sendmail and dovecot and everyone can now connect.

Reply to: