>>>>> "Md" == Marco d'Itri <m...@linux.it> writes:
Md> Maybe it is related to this?
Md> http://www.postfix.org/announcements/postfix-2.10.2.html

It is related, but different.

The root problem (pardon the pun) is that cacert's root certificate is signed with md5 and gnutls doesn't like that.

When I use gnutls-cli to connect and submit the cert as a client cert, gnutls submits /only/ the ee cert. Openssl's s_client also sends the signing cert.

When buxtehude's gnutls sees the md5-signed root cert it aborts the negotiation.

The problem in the referenced URI is that gnutls refuses to tolerate a less secure DH key size. Here, gnutls refuses to tolerate a less secure hash algorithm.

It should be possible to use smtp_tls_policy_maps to disable sending a client cert for the affected host(s).

-JimC
-- 
James Cloos <cl...@jhcloos.com> OpenPGP: 1024D/ED7DAEA6