Jan Völkers wrote:
> I'd like to communicate encrypted, but when I configure tls, qpsmtpd
> stops working with the line "trying to get config for tls_ciphers" in
> the last log line.

That may be the last log line, but it is highly unlikely that it is the last
thing executed.  If you turn up the logging to 11, do you see

        ciphers: DEFAULT

as well?  Are you running a known broken distro like Solaris (which doesn't
provide a fully functional SSL library by default)?

> I have added a file tls_ciphers with "DEFAULT" inside. No change.
> I use pem files - could that be the problem? What format is preferred?

        $ perldoc IO::Socket::SSL

...
           SSL_cert_file
             If your SSL certificate is not in the default place
             (certs/server-cert.pem for servers, certs/client-cert.pem for
             clients), then you should use this option to specify the location
             of your certificate.
...

NOTE: you cannot have a password on your certificate/key file, because there is
no way for qpsmtpd to handle that.  You also need to pass the CA cert that was
used to sign your certificate (since you need the full chain).

Try running this:

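perl -MIO::Socket::SSL -e '
    # Build a server-side SSL context from the certificate, key and CA files.
    # No output means the context was created.
    my $ssl_ctx = IO::Socket::SSL::SSL_Context->new(
        SSL_use_cert => 1,
        SSL_cert_file => "/path/to/cert",
        SSL_key_file => "/path/to/key",
        SSL_ca_file => "/path/to/ca",
        SSL_cipher_list => "HIGH",
        SSL_server => 1
    # $! is often empty for TLS failures, so report the SSL error string too.
    ) or die "Could not create SSL context: $! " . IO::Socket::SSL::errstr() . "\n";
'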

and see what that does (which is precisely what the tls plugin does internally).

HTH

John
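
An added example, not part of John's message and not qpsmtpd code: a shell pre-flight check for the two conditions in the note above (a passphrase on the key file, a missing CA certificate). It looks only at the PEM markers and does not verify the chain cryptographically; the function names and the constructed demo files are assumptions of this example.

```sh
# Added example (not qpsmtpd code): pre-flight check of the PEM files
# given to the tls plugin. Function names are hypothetical.

# Succeeds if the private key in $1 is passphrase-protected: PKCS#8
# ("ENCRYPTED PRIVATE KEY") or traditional "Proc-Type: 4,ENCRYPTED".
pem_key_encrypted() {
    grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# Prints the number of certificates in PEM file $1 (0 if none).
pem_cert_count() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Prints one line per problem; returns 0 only if nothing was found.
pem_preflight() {
    cert=$1 key=$2 ca=$3 rc=0
    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "unreadable: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return "$rc"
    if pem_key_encrypted "$key"; then
        echo "key is passphrase-protected: $key"; rc=1
    elif ! grep -q '^-----BEGIN .*PRIVATE KEY-----' "$key"; then
        echo "no PEM private key in: $key"; rc=1
    fi
    [ "$(pem_cert_count "$cert")" -ge 1 ] || { echo "no certificate in: $cert"; rc=1; }
    [ "$(pem_cert_count "$ca")" -ge 1 ] || { echo "no CA certificate in: $ca"; rc=1; }
    return "$rc"
}

# Demo on constructed files (PEM markers only, no real key material).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$demo/cert.pem"
cp "$demo/cert.pem" "$demo/ca.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,00' '' 'AAAA' '-----END RSA PRIVATE KEY-----' > "$demo/key.pem"
pem_preflight "$demo/cert.pem" "$demo/key.pem" "$demo/ca.pem" || echo "fix the above before enabling tls"
rm -rf "$demo"
```

Call it as `pem_preflight /path/to/cert /path/to/key /path/to/ca`, running as the user qpsmtpd runs under so the readability check is meaningful.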
