Re: ssl handshake problem with bugs.debian.org?

[Sven Hartge <sven@svenhartge.de>]

Harald Dunkel <harald.dunkel@aixigo.com> wrote:
> On 2020-07-27 11:17, Sven Hartge wrote:
 
>> Debian uses their own CA to sign this certificate, which is fine for
>> SMTP, which normally only uses opportunistic encryption.
>> 
>> But if the client SMTP-Server is set to *verify* the certificate, it
>> will fail.

> Certificate verification is optional on my MTA. See the log file.
> AFAICT it ignored the failed certificate check and continued with the
> ssl handshake. *Then* it failed.

Right.

> It would be interesting to know whats written in the log files on
> buxtehude. Are there other similar incidents?

Does your MTA present a client certificate? Maybe buxtehude does not
like that?

When diagnosing SSL errors I also find it helpful to wireshark the
connection to see which side exactly triggers the SSL Alert. That may
help highlight the culprit here.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.