Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-30 Thread Michael Grimm
On 19.08.2015, at 21:40, Viktor Dukhovni wrote: > I've figured out what's going on. LibreSSL 2.2.2 appears to have > disabled support for the SSLv2-compatible client HELLO. Servers > that have not disabled SSLv2 are unable to complete an SSLv2-compatible > TLS handshake with LibreSSL 2.2.2. Co

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-22 Thread Viktor Dukhovni
On Sat, Aug 22, 2015 at 07:37:47AM -0700, Alice Wonder wrote: > >If they really wanted to make a difference, they'd send patches, > >not fork the project. I've seen very little by way of upstream > >contributions. > > > > One of the reasons they forked is because there were issues WITH PATCHES in

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-22 Thread Alice Wonder
On 08/22/2015 06:08 AM, Viktor Dukhovni wrote: On Wed, Aug 19, 2015 at 12:58:38PM -0700, Alice Wonder wrote: ``You also turn on thousands and thousands of lines of OpenSSL library code. Assuming that OpenSSL is written as carefully as Wietse's own code, every 1000 lines introduce one addition

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-22 Thread Viktor Dukhovni
On Wed, Aug 19, 2015 at 12:58:38PM -0700, Alice Wonder wrote: > ``You also turn on thousands and thousands of lines of OpenSSL library code. > Assuming that OpenSSL is written as carefully as Wietse's own code, every > 1000 lines introduce one additional bug into Postfix.'' > > We now know OpenSS

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-19 Thread Viktor Dukhovni
On Wed, Aug 19, 2015 at 09:54:01PM +0200, Michael Grimm wrote: > If I do understand that correctly, it has been good advice to revert > back to OpenSSL running OS != OpenBSD. I stand by that advice. > And, if I am not mistaken, there is no way to tell postfix to work around > that disabled sup

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-19 Thread Alice Wonder
On 08/19/2015 12:11 PM, Michael Grimm wrote: On 19.08.2015, at 20:21, Michael Grimm wrote: I will revert to OpenSSL my primary mx, first. Done. BTW: LibreSSL 2.2.2 broke unbound 1.5.4 as well. Already fixed in unbound upstream, they (unbound) were doing an improper version check if I re

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-19 Thread Michael Grimm
On 19.08.2015, at 21:40, Viktor Dukhovni wrote: > I've figured out what's going on. LibreSSL 2.2.2 appears to have > disabled support for the SSLv2-compatible client HELLO. Servers > that have not disabled SSLv2 are unable to complete an SSLv2-compatible > TLS handshake with LibreSSL 2.2.2. Co

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-19 Thread Viktor Dukhovni
On Wed, Aug 19, 2015 at 09:11:16PM +0200, Michael Grimm wrote: > On 19.08.2015, at 20:21, Michael Grimm wrote: > > > I will revert to OpenSSL my primary mx, first. > > Done. > BTW: LibreSSL 2.2.2 broke unbound 1.5.4 as well. > > > Then I will come back to this issue and provide you with tcpdu

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-19 Thread Michael Grimm
On 19.08.2015, at 20:21, Michael Grimm wrote: > I will revert to OpenSSL my primary mx, first. Done. BTW: LibreSSL 2.2.2 broke unbound 1.5.4 as well. > Then I will come back to this issue and provide you with tcpdump debugging > info. Now, my secondary is postfix/LibreSSL, only. Regards, Mic

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-19 Thread Michael Grimm
On 19.08.2015, at 20:02, Viktor Dukhovni wrote: > On Wed, Aug 19, 2015 at 07:49:42PM +0200, Michael Grimm wrote: >> One of the servers in question is one of the servers sending mail for this >> ML: >> >> Aug 19 19:08:29 mail postfix/smtpd[94303]: connect from >> russian-caravan.cloud9.net[260

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-19 Thread Viktor Dukhovni
On Wed, Aug 19, 2015 at 07:49:42PM +0200, Michael Grimm wrote: > >mx1.enfer-du-nord.net[87.98.149.189]:25: TLSv1 with cipher > > DHE-RSA-AES256-SHA (256/256 bits) > > Yes, this is my receiving mailserver. > > One of the servers in question is one of the servers sending mail for this ML: >

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-19 Thread Michael Grimm
On 19.08.2015, at 18:58, Viktor Dukhovni wrote: > > On Wed, Aug 19, 2015 at 06:30:43PM +0200, Michael Grimm wrote: >> This is postfix 3.0.2 and FreeBSD-10.2/STABLE. I switched from OpenSSL to >> LibreSSL some months ago. > > LibreSSL is not tested with Postfix, and so not officially supported.

Re: SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-19 Thread Viktor Dukhovni
On Wed, Aug 19, 2015 at 06:30:43PM +0200, Michael Grimm wrote: > This is postfix 3.0.2 and FreeBSD-10.2/STABLE. I switched from OpenSSL to > LibreSSL some months ago. LibreSSL is not tested with Postfix, and so not officially supported. > My relevant SSL/TLS settings for receiving mail didn't cha

SSL_accept errors after recent upgrade to LibreSSL 2.2.2

2015-08-19 Thread Michael Grimm
Hi — This is postfix 3.0.2 and FreeBSD-10.2/STABLE. I switched from OpenSSL to LibreSSL some months ago. My relevant SSL/TLS settings for receiving mail didn't change ever since that time (postconf -n | grep tls | grep smtpd) smtpd_use_tls = yes smtpd_tls_auth_only = yes