
Re: testing, upgrade of openssl libssl1.1 ( 1.1.0f-3 => 1.1.0f-4 )



On 5 September 2017 at 20:29, Michael Grant <mgrant@grant.org> wrote:
> On 5 September 2017 at 19:15, Gene Heskett <gheskett@shentel.net> wrote:
>> On Tuesday 05 September 2017 13:40:00 Michael Grant wrote:
>>
>>> I upgraded openssl today in my server running testing.  It installed
>>> version 1.1.0f-5.  To my surprise, my mac clients can no longer send
>>> and receive email!
>>>
>> As that is a security related upgrade, I would next push the Mac people
>> to match it, or if possible, configure the Macs to use the more secure
>> protocol.
>
> Any clues how to configure the Mac to use the more secure protocol?
> All the software is up-to-date on the Mac side.  I don't see any
> obvious option in any of the mail settings on the Mac side.
>
> This is the error I see in the mail logs for both dovecot and sendmail:
>
> dovecot:
> TLS handshaking: SSL_accept() failed: error:1417D102:SSL
> routines:tls_process_client_hello:unsupported protocol, session=<...>
>
> sendmail:
> STARTTLS=server: 0:error:1417D102:SSL
> routines:tls_process_client_hello:unsupported
> protocol:../ssl/statem/statem_srvr.c:974:
>
> I realize this isn't a MacOS forum but the error message here is on
> the Debian side.  Other mail clients like Windows Mail connect fine.
>
> Is there something I can set on Debian side to force this newer
> openssl to accept older 1.x connections?

I could not find any option I could set in the dovecot.conf or the
sendmail.mc file to make libssl accept TLS 1.1.  I managed to revert
back libssl to get back to a working situation until the clients get
updated.

I downloaded libssl1.1_1.1.0f-3_amd64.deb

and did:

dpkg -i libssl1.1_1.1.0f-3_amd64.deb

restarted sendmail and dovecot and everyone can now connect.
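
One way to list which clients still depend on the reverted libssl, so they can be fixed before the package is upgraded again. This is an added example, not part of the original message: only the error text comes from the logs quoted above, while the syslog prefixes, the rip=/relay= fields, the queue id and the addresses are constructed assumptions.

```python
import re
from collections import Counter

# OpenSSL error strings: error:<hex code>:<library>:<function>:<reason>
ERR = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^:,]+)")
# Client address: dovecot "rip=<addr>" or sendmail "relay=host [addr]" (assumed layouts)
ADDR = re.compile(r"(?:rip=|relay=[^\[,]*\[)([0-9A-Fa-f.:]+)")
# sendmail queue id, used to join the error line to the line that carries relay=
QID = re.compile(r"\b(?:sendmail|sm-mta)\[\d+\]: (\w+):")
SERVICE = re.compile(r"\b(dovecot|sendmail|sm-mta)\b")

TLS_ERR = "error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol"
# Constructed sample log; only TLS_ERR is taken from the post above.
SAMPLE = [
    "Sep  5 19:02:11 mail dovecot: imap-login: Disconnected: user=<>, "
    "rip=192.0.2.10, lip=192.0.2.1, TLS handshaking: SSL_accept() failed: "
    + TLS_ERR + ", session=<constructed>",
    "Sep  5 19:02:41 mail dovecot: imap-login: Disconnected: user=<>, "
    "rip=192.0.2.10, lip=192.0.2.1, TLS handshaking: SSL_accept() failed: "
    + TLS_ERR + ", session=<constructed>",
    "Sep  5 19:03:02 mail dovecot: imap-login: Login: user=<alice>, "
    "rip=192.0.2.77, lip=192.0.2.1, TLS, session=<constructed>",
    "Sep  5 19:04:40 mail sm-mta[2211]: v85J4eAB002211: STARTTLS=server: 0:"
    + TLS_ERR + ":../ssl/statem/statem_srvr.c:974:",
    "Sep  5 19:04:40 mail sm-mta[2211]: v85J4eAB002211: STARTTLS=server, "
    "error: accept failed=-1, relay=mac.example.org [192.0.2.10]",
]

def unsupported_protocol_clients(lines):
    """Count 'unsupported protocol' handshake failures per (service, client)."""
    relay_by_qid, hits = {}, []
    for line in lines:
        qid, addr = QID.search(line), ADDR.search(line)
        if qid and addr:  # remember which client a sendmail queue id belongs to
            relay_by_qid[qid.group(1)] = addr.group(1)
        err = ERR.search(line)
        if err and err.group(4).strip() == "unsupported protocol":
            svc = SERVICE.search(line)
            hits.append((svc.group(1) if svc else "unknown",
                         addr.group(1) if addr else None,
                         qid.group(1) if qid else None))
    counts = Counter()
    for svc, addr, qid in hits:  # second pass: relay line may follow the error
        counts[(svc, addr or relay_by_qid.get(qid, "unknown"))] += 1
    return counts

if __name__ == "__main__":
    for (svc, addr), n in sorted(unsupported_protocol_clients(SAMPLE).items()):
        print(f"{svc:8} {addr:15} {n}")
```
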

