Le 13/04/2013 16:27, Viktor Dukhovni a écrit :
> On Sat, Apr 13, 2013 at 03:40:59PM +0200, mouss wrote: > 2013-04-12T21:49:03.160443+02:00 server postfix/smtpd[12238]: warning: TLS > library problem: 12238:error:1409D08A:SSL > routines:ssl3_setup_key_block:cipher or hash unavailable:s3_enc.c:423: This > suggests your TLS library is broken. The TLS library being which one ? I am > using openSSL and all https web site are working fine. Is there another > library involved ? most probably, the compiled/configured version of openssl does not match what postfix expects. The only versions of OpenSSL I could find in which s3_enc.c has SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); on line 423, are the unreleased OpenSSL 1.0.2 branch and the master development branch. The OP has upgraded to a bleeding-edge OpenSSL, which may have unresolved bugs, or may be incompatible with the installed libcrypto due to an incomplete upgrade, ... The solution is to use stable OpenSSL releases if you're not an OpenSSL developer. When running development versions of your O/S distribution you need to be willing to find and solve problems independently. [ I've been ignoring this thread, because the OP replied to an unrelated message to postfix-devel instead of starting a new message, and I don't like to untangle messed up threads. When composing a new message, don't hit "Reply". ] Ok, I tried 1 - to re-install openssl 1.0.1 then recompile postfix 2 - to reboot on an old kernel 3 - to use postfix 2.9, 2.10 or 2.11-devel 4 - to move from SSL (465) to STARTTLS (25) 5 - put the ciphers req to "medium" In all cases, I get to something similar to: 2013-04-14T15:26:27.625728+02:00 server postfix/smtpd[20218]: warning: TLS library problem: 20218:error:1411C146:SSL routines:tls1_prf:unsupported digest type:t1_enc.c:276: 2013-04-14T15:26:27.625738+02:00 server postfix/smtpd[20218]: warning: TLS library problem: 20218:error:140D308A:SSL routines:tls1_setup_key_block:cipher or hash unavailable:t1_enc.c:621: Any clue ? Thanks a million in advance Joan
