ssl handshake problem with bugs.debian.org?

To: debian-user@lists.debian.org
Subject: ssl handshake problem with bugs.debian.org?
From: Harald Dunkel <harri@afaics.de>
Date: Mon, 27 Jul 2020 10:43:11 +0200
Message-id: <[🔎] 87r1sxe4bk.fsf@sylvester.afaics.de>

Hi folks,

I've got a ssl handshake problem with bugs.debian.org on sending an EMail.
My mta (OpenBSD 6.7, i.e. libressl) in the office says in its logfile

:
Jul 27 10:23:37 gate5a smtpd[67056]: d4df9298d18e1596 mta connecting address=smtp://209.87.16.39:25 host=buxtehude.debian.org
Jul 27 10:23:37 gate5a smtpd[67056]: d4df9298d18e1596 mta connected
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9298d18e1596 mta tls ciphers=TLSv1.3:AEAD-AES256-GCM-SHA384:256
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9298d18e1596 mta server-cert-check result="failure"
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9299bfe4df24 mta connecting address=smtp://[2607:f8f0:614:1::1274:39]:25 host=buxtehude.debian.org
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9298d18e1596 mta error reason=IO Error: error:1404C410:SSL routines:ST_OK:sslv3 alert handshake failure
Jul 27 10:23:39 gate5a smtpd[67056]: smtp-out: Disabling route 5.145.142.10 <-> 209.87.16.39 (buxtehude.debian.org) for 15s
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9299bfe4df24 mta connected
Jul 27 10:23:41 gate5a smtpd[67056]: d4df9299bfe4df24 mta tls ciphers=TLSv1.3:AEAD-AES256-GCM-SHA384:256
Jul 27 10:23:41 gate5a smtpd[67056]: d4df9299bfe4df24 mta server-cert-check result="failure"
Jul 27 10:23:41 gate5a smtpd[67056]: d4df9299bfe4df24 mta error reason=IO Error: error:1404C410:SSL routines:ST_OK:sslv3 alert handshake failure
Jul 27 10:23:41 gate5a smtpd[67056]: smtp-out: Disabling route [2001:67c:13b0:ffff::60] <-> [2607:f8f0:614:1::1274:39] (buxtehude.debian.org) for 15s
Jul 27 10:23:41 gate5a smtpd[67056]: smtp-out: Address family mismatch on [connector:[2001:67c:13b0:ffff::60]->[relay:bugs.debian.org,smtp,sourcetable=<dynamic:2>,heloname=mail.aixigo.de],0x0]
Jul 27 10:23:41 gate5a smtpd[67056]: smtp-out: Address family mismatch on [connector:5.145.142.10->[relay:bugs.debian.org,smtp,sourcetable=<dynamic:2>,heloname=mail.aixigo.de],0x0]
:

Please note the "sslv3 alert handshake failure".

We send a bazillion of EMails via this MTA each day. This handshake
problem shows up only for buxtehude, AFAICT. Is there a compatibility
issue with openssl in Debian and libressl used in OpenBSD 6.7? AFAIU
TLS 1.3 is not in libressl yet.


Every helpful hint is highly appreciated.

Harri

Reply to:

Follow-Ups:
- Re: ssl handshake problem with bugs.debian.org?
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: FOSS equivalents of *OLD* database and spreadsheet tools?
Next by Date: Re: Is experimental part of Debian?
Previous by thread: Re: linux-image-4.9.0-12-amd64 breaks LUKS root
Next by thread: Re: ssl handshake problem with bugs.debian.org?
Index(es):
- Date
- Thread