On Tue, Jun 24, 2014 at 02:29:10PM +0000, Stefan Runkel wrote:
> Stephen Henson via RT <rt <at> openssl.org> writes:
> > I've updated OpenSSL so the padding extension is no longer used by default
>
> Stephen,
> Does not work for me. Running sendmail 8.14.8, got the "decode error"
> problem with openssl 1.0.1g, fixed it by ssl/tls1.h changing to
> /* #define TLSEXT_TYPE_padding 21 */.
> Sine May, that worked.
>
> At Jun10, compiled openssl 1.0.1.h from source and the sendmail decode error
> came back by Jun 12.
> Did not realize that until Jun 22.
> Today, disabled the extension completly:
> ssl/ssl.h: #define SSL_OP_TLSEXT_PADDING 0x00000000L
>
> Sendmail queue emptied after restart without further problems.
Ironport customers still have not applied the fix? Any evidence
this applies to destinations that are not Ironport appliances?
I other words, how many domains had the problem and were their MX
hosts all Ironport devices?
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
