Package: openssl Version: 1.1.1-2 Severity: important Dear Maintainer,
Last saturday, I have upgraded my testing server. This server acts as a mail server running sendmail. With stable openssl package, my server ran fine. With new package, sendmail returns the obvious message : dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed I have removed TLS from SMTP configuration (Try_TLS: NO in /etc/mail/access) but some MX requires TLS and I'm unable to send message to several MX. For rexample orange.fr : Nov 7 09:17:31 rayleigh sm-mta[10148]: ruleset=try_tls, arg1=smtp-in.orange.fr, relay=smtp-in.orange.fr, reject=550 5.7.1 <x...@orange.fr>... do not try TLS with smtp-in.orange.fr [80.12.242.9] Nov 7 09:17:31 rayleigh sm-mta[10148]: wA68PQwK006059: to=<x...@orange.fr>, delay=23:52:05, xdelay=00:00:01, mailer=esmtp, pri=77460547, relay=smtp-in.orange.fr. [80.12.242.9], dsn=5.0.0, stat=Service unavailable Second constatation : I use a patch (from sendmail 8.16) that allow sendmail to automatically disable TLS when 4.7.0 error occurs. With stable openssl, when sendmail tries to send message, SMTP always receives : ... dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed. With testing package, sendmail randomly receives : ... dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed or ... dsn=4.0.0, stat=Deferred Of course, I have read openssl installation instructions, but I haven't found any workaround. If I downgrade openssl to openssl_1.1.0f-3+deb9u2_amd64.deb, sendmail runs as expected. Best regards, JKB -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssl depends on: ii libc6 2.27-8 ii libssl1.1 1.1.1-2 openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20170717 -- no debconf information