Hi misc@,
I am sending this mail just in case someone else encounters the issue.
On OpenBSD 6.8-stable, opensmtpd fails to upgrade to TLSv1.2 when
relaying mail to a host with a self-signed certificate.
- In maillog the error is:
    mta tls ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
    mta server-cert-check result="failure".
- Check with openssl:
    openssl s_client -connect smtp.example.com:25 -starttls smtp
    -> Verify return code: 20 (unable to get local issuer certificate)
  Whereas the same command on OpenBSD 6.8-current returns:
    -> Verify return code: 18 (self signed certificate)
Upgrading to OpenBSD 6.8-current fixes the issue.
Note that this is only an issue when enforcing TLS verification in
smtpd.conf. Otherwise, in my case, I ended up being greylisted.
Thank you all for your work.
Best,
--
gjadi
PGP : AF26 E9C2 A1C8 8D32 A868 4386 1373 5477 2B65 1894