On Wed, Aug 19, 2015 at 09:11:16PM +0200, Michael Grimm wrote:

> On 19.08.2015, at 20:21, Michael Grimm <trash...@odo.in-berlin.de> wrote:
>
> > I will revert to OpenSSL my primary mx, first.
>
> Done.
> BTW: LibreSSL 2.2.2 broke unbound 1.5.4 as well.
>
> > Then I will come back to this issue and provide you with tcpdump debugging
> > info.
>
> Now, my secondary is postfix/LibreSSL, only.

I've figured out what's going on. LibreSSL 2.2.2 appears to have disabled support for the SSLv2-compatible client HELLO. Servers that have not disabled SSLv2 are unable to complete an SSLv2-compatible TLS handshake with LibreSSL 2.2.2. Connections that use an SSLv2 hello fail. Also clients that use just SSLv3 (no extensions, ...) fail.

--
Viktor.
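
For readers checking a tcpdump capture for the two client behaviours named in the reply above, the following added example (not part of the thread and not Postfix or LibreSSL code) classifies the first bytes a client sends as an SSLv2-compatible hello or an SSLv3/TLS record and reports whether extensions are present. The function names and sample bytes are constructed for illustration, and it assumes the whole ClientHello sits in the first record.

```python
def classify_client_hello(data: bytes):
    """Classify the first bytes a client sends.

    Returns (framing, offered_version, has_extensions); raises ValueError
    if the bytes are not a ClientHello in either framing.
    """
    try:
        # SSLv2 framing: 2-byte length with the high bit set, msg type 1.
        if data[0] & 0x80 and data[2] == 0x01:
            return ("sslv2-compatible", (data[3], data[4]), False)
        # SSLv3/TLS framing: record type 0x16, major 3, handshake type 1.
        if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
            hs_len = int.from_bytes(data[6:9], "big")
            hello = data[9:9 + hs_len]
            version = (hello[0], hello[1])
            pos = 2 + 32                                   # version + random
            pos += 1 + hello[pos]                          # session_id
            pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher suites
            pos += 1 + hello[pos]                          # compression methods
            return ("tls-record", version, pos < len(hello))
    except IndexError:
        pass
    raise ValueError("not a recognisable ClientHello")


def sample_v2_hello(version):
    """Constructed sample: SSLv2-framed hello, one cipher spec, 16-byte challenge."""
    body = (b"\x01" + bytes(version) + b"\x00\x03\x00\x00\x00\x10"
            + b"\x00\x00\x2f" + bytes(16))
    return bytes((0x80 | len(body) >> 8, len(body) & 0xFF)) + body


def sample_tls_hello(version, extensions=b""):
    """Constructed sample: record-framed hello, one cipher suite, null compression."""
    hello = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if extensions:
        hello += len(extensions).to_bytes(2, "big") + extensions
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    record_version = bytes((3, min(version[1], 1)))
    return b"\x16" + record_version + len(hs).to_bytes(2, "big") + hs


if __name__ == "__main__":
    for name, raw in [("v2-compatible hello", sample_v2_hello((3, 1))),
                      ("bare SSLv3 hello", sample_tls_hello((3, 0))),
                      ("TLS 1.2 + extension", sample_tls_hello((3, 3), b"\xff\x01\x00\x01\x00"))]:
        print(name, "->", classify_client_hello(raw))
```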