On 4/12/2012 7:59 AM, Ralf Hildebrandt wrote: > * Wietse Venema <wie...@porcupine.org>: >> "openssl s_client" sessions fail identically with 77.43.17.211 >> and 81.252.237.162. >> >> % openssl s_client -starttls smtp -connect 77.43.17.211:25 >> ... >> 250 OK >> ehlo spike.porcupine.org >> >> Nothing happens. >> >> % openssl s_client -starttls smtp -connect 77.43.17.211:25 >> ... >> 250 OK >> mail from:<wie...@porcupine.org> >> >> Nothing happens. > > Yes, very odd. Both with openssl 1.0.1 and 0.9.8 I'm getting this. > >> I suspect a "patch Tuesday" problem. > > You might be right there, since bavarian-nordic.de also seems to use M$. > Wow, this sounds like an epic fuckup... >
My main.cf has a note-to-self about this same cipher being broken on some old Windows versions in the distant past. Maybe an old bug has resurfaced. Possible workaround: smtpd_tls_exclude_ciphers = DES-CBC3-SHA smtp_tls_exclude_ciphers = DES-CBC3-SHA -- Noel Jones
