On Mon, December 21, 2020 14:20, Viktor Dukhovni wrote:
>
> - The Postfix SMTP server is reporting an error from the underlying
> OpenSSL library.
> - That error is receipt of a fatal "SSL alert", i.e. a courtesy message
> from the *client* that it cannot complete the handshake, and is giving up.
> - Instead of just disconnecting, the client indicates the reason why it
> can't go on.
> - The specific reason is that the client is unhappy with the server's
> certificate.
I agree. And for the past ten days that is what I have been trying to resolve.
I finally did that this morning and successfully connected to the mx service
host using the exact keystore file that the application uses.
    JAVA_VERSION="12" java \
      -Djavax.net.ssl.trustStore=/opt/idempiere/idempiere-server/jettyhome/etc/keystore \
      -Djavax.net.ssl.trustStorePassword=testing SSLPoke 192.168.216.32 465
So, there has to be something in the application that is causing this to break.
But I am not a Java programmer. I am simply trying to get this messaging
feature to work so that we can proceed with our evaluation of idempiere.
>
> SSLv3 is a red herring, the TLS protocol (1.0 through 1.2) evolved out
> of SSLv3 and shares much code with the original (now deprecated) SSLv3.
> While TLS 1.3 is a significant departure, it too still shares some of
> the underpinnings, so you'll see "sslv3" in error messages for all
> protocol versions from SSLv3 through TLS 1.3.
>
In this case, the connection from the client could not get past the protocol
handshake until after SSLv3 was re-enabled. But the advice about misleading
error messages is duly noted.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
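
Added example, not part of either message above: a small Python triage helper for the kind of Postfix "TLS library problem" log line discussed in this thread. It decodes the TLS alert number and reports whether the peer rejected the certificate, independent of the "sslv3"/"tlsv1" wording OpenSSL puts in the text. The log lines, host name and function names are constructed for this example.

```python
import re

# TLS alert descriptions (RFC 5246 / RFC 8446) most often seen in handshake failures.
ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
    70: "protocol_version",
}
# Alerts that mean "the sender of the alert did not accept the certificate it was shown".
CERT_ALERTS = {42, 43, 44, 45, 46, 48}

# OpenSSL error-queue text: "SSL routines:<func>:<reason>:<file>:<line>:SSL alert number N:"
# (<func> is empty in OpenSSL 3.x output).
ALERT_RE = re.compile(
    r"SSL routines:(?P<func>[^:]*):(?P<reason>[^:]+):.*?SSL alert number (?P<num>\d+)"
)

def triage(line):
    """Return details of a received TLS alert, or None if the line carries no alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    num = int(m.group("num"))
    return {
        "alert": ALERTS.get(num, f"unknown({num})"),
        # "SSL alert number" is attached only to alerts *received* from the peer.
        "from_peer": True,
        "peer_rejected_certificate": num in CERT_ALERTS,
        # Historical label only; it does not identify the negotiated protocol version.
        "openssl_label": m.group("reason"),
    }

# Constructed sample lines in the format Postfix smtpd logs them.
SAMPLES = [
    "Dec 21 09:00:01 mx smtpd[1234]: warning: TLS library problem: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../ssl/record/rec_layer_s3.c:1543:SSL alert number 46:",
    "Dec 21 09:00:02 mx smtpd[1235]: warning: TLS library problem: error:0A000418:SSL routines::tlsv1 alert unknown ca:../ssl/record/rec_layer_s3.c:1584:SSL alert number 48:",
    "Dec 21 09:00:03 mx smtpd[1236]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

A line that `triage` flags with `peer_rejected_certificate` points at the client's trust store or the server's certificate chain, not at the protocol version named in the OpenSSL text.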