"It seams that there is another difference between the two openssl
versions then only the heartbleed bugfix."
err, yes. The g release is a new minor release. I'd ALWAYS advise reading the
changelog before deploying. .. You'd then have seen the new features (this is
why vendors such as redhat a
On Thu, Apr 10, 2014 at 08:24:33PM +, Viktor Dukhovni wrote:
> > > openssl s_client -starttls smtp -ssl3 -connect migze121.migros.ch:25
> > Protocol : SSLv3
> > Cipher: DHE-RSA-AES256-SHA
>
> As expected, this works because SSLv3 sends no extensions.
When I test with Postfix and
On Thu, Apr 10, 2014 at 09:58:47PM +0200, Dominik Mahrer (Teddy) wrote:
> > openssl s_client -starttls smtp -ssl3 -connect migze121.migros.ch:25
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NON
Thanks Viktor
OK, I googled about IronPort-Systems (one can never learn enough).
The output requested:
> openssl s_client -starttls smtp -ssl3 -connect migze121.migros.ch:25
CONNECTED(0003)
depth=0 C = US, ST = California, L = San Bruno, O = "IronPort Systems,
Inc.", CN = IronPort Applianc
On Thu, Apr 10, 2014 at 06:39:21PM +0200, Dominik Mahrer (Teddy) wrote:
[ The subject is a bit dramatic, Sendmail did not break, rather you're
experiencing interop issues with one site. ]
> Two days ago I updated openssl 1.0.1f to 1.0.1g. Everything seamed to be
> fine. But after a while an err
Two days ago I updated openssl 1.0.1f to 1.0.1g. Everything seamed to be
fine. But after a while an error popped up in sendmail log:
Apr 10 10:13:45 mail sendmail[17568]: STARTTLS=client, error: connect
failed=-1, reason=tlsv1 alert decode error, SSL_error=1, errno=0, retry=-1
Apr 10 10:13:45 m