On Fri, Apr 04, 2025 at 11:54:28PM -0400, John Levine via mailop wrote:
> It appears that Viktor Dukhovni via mailop <mailop@mailop.org> said:
> >On Fri, Apr 04, 2025 at 08:17:19PM -0500, Lyle Giese via mailop wrote:
> >
> >> But in the mean time the logs started showing a few more services failing
> >> to
> >> send to my smart host, like SendGrid and another mass mailing outfit(no big
> >> loss but concerning). So I bit the bullet and bought a very cheap(<
> >> $12/year ssl cert) and installed it.
> >>
> >> Now, it's been 3 days and no further 'sslv3 alert bad certificate' errors.
>
> I would think that complaints about "sslv3" were about a misconfiguration in
> the mail server to use obsolete cryptography.
No, that's not the case, the SSL/TLS alert protocol engine in OpenSSL
uses the same code for all versions since SSL 3.0. The "sslv3" here
covers anything newer than SSL 2.0. Similarly, on the wire:
0300 SSLv3
0301 TLS 1.0
0302 TLS 1.1
0303 TLS 1.2
0304 TLS 1.3
The alert subprotocol has not changed substantially across this family
of SSL/TLS protocols.
--
Viktor.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
