On Mon, 18 Apr 2005, Bill Shupp wrote:
Yeah, this is an odd problem where qmail-smtpd is not aware of the available ciphers in openssl. I have yet to figure out what causes this... however, the fix is easy. Set up a static cipher list:
openssl ciphers > /var/qmail/control/tlsserverciphers
If you have similar errors when sending to another TLS-enabled system, link the above file to /var/qmail/control/tlsclientciphers
If anyone else knows what determines when this is needed, I'd like to hear it.
Regards,
Bill
Hello Bill, thanks for your quick answer as usual. Solved.
Another point that may be of concern: use of fixcrio in qmail-smtpd's run script to fix poor web scripting produces a similar error message ("SSL routines:SSL3_GET_SERVER_HELLO:unknown cipher returned:s3_clnt.c:"). I've tested it after reading the "Caveats" section for the tls-patch (http://inoa.net/qmail-tls/netqmail-1.05-tls-20040419.patch)
Maybe it could be useful.
Best regards and thanks again
Yeah, I have confirmed that fixcrio breaks smtp TLS connections.
Regards,
Bill