Package: openssl
Version: 1.0.1t-1+deb8u4
Severity: normal

Dear Maintainer,

tonight's update of OpenSSL (1.0.1t-1+deb8u3, 1.0.1t-1+deb8u4) broke the connection between an Outlook 2007 (12.0.6744.500) under Windows XP and a postfix under Debian. See the following log of a connection try:

-- begin ---
Sep 23 11:26:42 hermes postfix/smtpd[30240]: setting up TLS connection from X.Y.Z.invalid[10.X.Y.Z]
Sep 23 11:26:42 hermes postfix/smtpd[30240]: X.Y.Z.invalid[10.X.Y.Z]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL_accept:before/accept initialization
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL3 alert write:fatal:handshake failure
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL_accept:error in error
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL_accept:error in error
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL_accept error from X.Y.Z.invalid[10.X.Y.Z]: -1
Sep 23 11:26:42 hermes postfix/smtpd[30240]: warning: TLS library problem: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1440:
Sep 23 11:26:42 hermes postfix/smtpd[30240]: lost connection after STARTTLS from X.Y.Z.invalid[10.X.Y.Z]
-- end ---

The connection worked fine yesterday and no change was made to Outlook or Postfix. The TLS config in postfix is the following (shortened):

-- begin ---
smtpd_use_tls=yes
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
tls_preempt_cipherlist = yes
smtpd_tls_mandatory_ciphers = high
smtpd_tls_ciphers = medium
smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
smtp_tls_ciphers = $smtpd_tls_ciphers
smtpd_tls_eecdh_grade = strong
-- end ---

Of course I’m willing to submit further information if needed.

Sincerely,
DaB.

-- System Information:
Debian Release: 8.4
  APT prefers oldstable
  APT policy: (900, 'oldstable'), (400, 'stable'), (301, 'oldoldstable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Versions of packages openssl depends on:
ii  libc6        2.19-18+deb8u4
ii  libssl1.0.0  1.0.1t-1+deb8u4

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20130119+deb7u1

-- no debconf information
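
A triage helper for logs like the one in this report, added here as an example and not part of the original message or of Postfix: it correlates smtpd lines by PID and returns each failed TLS handshake with the client, the server cipher list in effect and the OpenSSL error fields. The function name `tls_failures` and the second (successful) session in the sample are constructed for illustration.

```python
import re

# First nine lines are from the report above; the last two are a constructed
# successful session (hypothetical client) to show it is not reported.
SAMPLE_LOG = """\
Sep 23 11:26:42 hermes postfix/smtpd[30240]: setting up TLS connection from X.Y.Z.invalid[10.X.Y.Z]
Sep 23 11:26:42 hermes postfix/smtpd[30240]: X.Y.Z.invalid[10.X.Y.Z]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL_accept:before/accept initialization
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL3 alert write:fatal:handshake failure
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL_accept:error in error
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL_accept:error in error
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL_accept error from X.Y.Z.invalid[10.X.Y.Z]: -1
Sep 23 11:26:42 hermes postfix/smtpd[30240]: warning: TLS library problem: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1440:
Sep 23 11:26:42 hermes postfix/smtpd[30240]: lost connection after STARTTLS from X.Y.Z.invalid[10.X.Y.Z]
Sep 23 11:27:05 hermes postfix/smtpd[30311]: setting up TLS connection from client.example[192.0.2.10]
Sep 23 11:27:05 hermes postfix/smtpd[30311]: Anonymous TLS connection established from client.example[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SETUP = re.compile(r"^setting up TLS connection from (?P<client>\S+)$")
CIPHERS = re.compile(r'TLS cipher list "(?P<list>[^"]+)"')
LIBERR = re.compile(r"TLS library problem: error:(?P<code>[0-9A-Fa-f]+):[^:]*:(?P<func>[^:]*):(?P<reason>[^:]*):")

def tls_failures(log_text):
    """Return one dict per TLS handshake that ended in an OpenSSL library error."""
    sessions, failures = {}, []          # sessions: open handshakes keyed by smtpd PID
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                     # not a postfix/smtpd line
        pid, msg = m["pid"], m["msg"]
        if (s := SETUP.match(msg)):
            sessions[pid] = {"time": m["ts"], "client": s["client"], "cipher_list": None}
        elif (c := CIPHERS.search(msg)) and pid in sessions:
            sessions[pid]["cipher_list"] = c["list"]
        elif (e := LIBERR.search(msg)) and pid in sessions:
            failures.append({**sessions.pop(pid), "code": e["code"],
                             "function": e["func"], "reason": e["reason"]})
        elif "TLS connection established" in msg:
            sessions.pop(pid, None)      # handshake completed, nothing to report
    return failures

if __name__ == "__main__":
    for f in tls_failures(SAMPLE_LOG):
        print(f["time"], f["client"], f["reason"], f["function"], f["cipher_list"])
```

The cipher list only appears in the log at the `smtpd_tls_loglevel` verbosity that produced the lines above; at lower levels `cipher_list` stays `None`.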