Hi folks,

I've got an SSL handshake problem with bugs.debian.org when sending an email.
My MTA (OpenBSD 6.7, i.e. LibreSSL) in the office says in its logfile

:
Jul 27 10:23:37 gate5a smtpd[67056]: d4df9298d18e1596 mta connecting address=smtp://209.87.16.39:25 host=buxtehude.debian.org
Jul 27 10:23:37 gate5a smtpd[67056]: d4df9298d18e1596 mta connected
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9298d18e1596 mta tls ciphers=TLSv1.3:AEAD-AES256-GCM-SHA384:256
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9298d18e1596 mta server-cert-check result="failure"
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9299bfe4df24 mta connecting address=smtp://[2607:f8f0:614:1::1274:39]:25 host=buxtehude.debian.org
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9298d18e1596 mta error reason=IO Error: error:1404C410:SSL routines:ST_OK:sslv3 alert handshake failure
Jul 27 10:23:39 gate5a smtpd[67056]: smtp-out: Disabling route 5.145.142.10 <-> 209.87.16.39 (buxtehude.debian.org) for 15s
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9299bfe4df24 mta connected
Jul 27 10:23:41 gate5a smtpd[67056]: d4df9299bfe4df24 mta tls ciphers=TLSv1.3:AEAD-AES256-GCM-SHA384:256
Jul 27 10:23:41 gate5a smtpd[67056]: d4df9299bfe4df24 mta server-cert-check result="failure"
Jul 27 10:23:41 gate5a smtpd[67056]: d4df9299bfe4df24 mta error reason=IO Error: error:1404C410:SSL routines:ST_OK:sslv3 alert handshake failure
Jul 27 10:23:41 gate5a smtpd[67056]: smtp-out: Disabling route [2001:67c:13b0:ffff::60] <-> [2607:f8f0:614:1::1274:39] (buxtehude.debian.org) for 15s
Jul 27 10:23:41 gate5a smtpd[67056]: smtp-out: Address family mismatch on [connector:[2001:67c:13b0:ffff::60]->[relay:bugs.debian.org,smtp,sourcetable=<dynamic:2>,heloname=mail.aixigo.de],0x0]
Jul 27 10:23:41 gate5a smtpd[67056]: smtp-out: Address family mismatch on [connector:5.145.142.10->[relay:bugs.debian.org,smtp,sourcetable=<dynamic:2>,heloname=mail.aixigo.de],0x0]
:

Please note the "sslv3 alert handshake failure".

We send a bazillion emails via this MTA each day. This handshake
problem shows up only for buxtehude, AFAICT. Is there a compatibility
issue between OpenSSL in Debian and LibreSSL used in OpenBSD 6.7? AFAIU
TLS 1.3 is not in LibreSSL yet.


Every helpful hint is highly appreciated.

Harri
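
Added example, not part of the original post: a small Python script that groups the interleaved smtpd "mta" lines from the log above by session id, so each outbound session's negotiated protocol, certificate check result and final error can be read together. The function names (summarize, handshake_failures) are made up for this example, and the parser assumes the log format exactly as it appears in the post.

```python
import re

# Log lines copied from the post above, with the e-mail line wrapping undone.
SAMPLE = """\
Jul 27 10:23:37 gate5a smtpd[67056]: d4df9298d18e1596 mta connecting address=smtp://209.87.16.39:25 host=buxtehude.debian.org
Jul 27 10:23:37 gate5a smtpd[67056]: d4df9298d18e1596 mta connected
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9298d18e1596 mta tls ciphers=TLSv1.3:AEAD-AES256-GCM-SHA384:256
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9298d18e1596 mta server-cert-check result="failure"
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9299bfe4df24 mta connecting address=smtp://[2607:f8f0:614:1::1274:39]:25 host=buxtehude.debian.org
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9298d18e1596 mta error reason=IO Error: error:1404C410:SSL routines:ST_OK:sslv3 alert handshake failure
Jul 27 10:23:39 gate5a smtpd[67056]: smtp-out: Disabling route 5.145.142.10 <-> 209.87.16.39 (buxtehude.debian.org) for 15s
Jul 27 10:23:39 gate5a smtpd[67056]: d4df9299bfe4df24 mta connected
Jul 27 10:23:41 gate5a smtpd[67056]: d4df9299bfe4df24 mta tls ciphers=TLSv1.3:AEAD-AES256-GCM-SHA384:256
Jul 27 10:23:41 gate5a smtpd[67056]: d4df9299bfe4df24 mta server-cert-check result="failure"
Jul 27 10:23:41 gate5a smtpd[67056]: d4df9299bfe4df24 mta error reason=IO Error: error:1404C410:SSL routines:ST_OK:sslv3 alert handshake failure
"""

# "<16 hex digit session id> mta <event> [details]"; smtp-out lines do not match.
LINE = re.compile(r"smtpd\[\d+\]: (?P<sid>[0-9a-f]{16}) mta (?P<event>[\w-]+)(?: (?P<rest>.*))?$")

def summarize(log_text):
    """Group 'mta' events by session id, keeping the order they were logged in."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s = sessions.setdefault(m["sid"], {"events": []})
        event, rest = m["event"], m["rest"] or ""
        s["events"].append(event)
        if event == "connecting":        # address=... host=...
            s.update(kv.split("=", 1) for kv in rest.split())
        elif event == "tls":             # ciphers=<protocol>:<cipher>:<bits>
            s["tls"], _, s["cipher"] = rest.split("=", 1)[1].partition(":")
        elif event == "server-cert-check":
            s["cert_check"] = rest.split("=", 1)[1].strip('"')
        elif event == "error":
            s["error"] = rest.split("=", 1)[1]
    return sessions

def handshake_failures(sessions):
    """Sessions that ended in a TLS handshake alert: sid -> (host, protocol, cert check)."""
    return {sid: (s.get("host"), s.get("tls"), s.get("cert_check"))
            for sid, s in sessions.items()
            if "alert handshake failure" in s.get("error", "")}

if __name__ == "__main__":
    for sid, (host, tls, cert) in handshake_failures(summarize(SAMPLE)).items():
        print(f"{sid} host={host} tls={tls} cert_check={cert}")
```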
