* Wietse Venema wie...@porcupine.org:
Based on input from Victor I'll put out a 2.10 development release
that makes the minimum changes to support the new OpenSSL protocols.
This may then be back-ported to earlier Postfix releases if needed.
Meanwhile, Victor will start work on
On Sun, Apr 22, 2012 at 12:47:41PM -0400, Jerry wrote:
I am wondering if openssl 1.0.1a corrects this problem. I am going to
install it later today and see what happens.
Please post the results.
On another note, is there a setting that would force Postfix to NOT use
tls1_2 or tls1_1? I am
Viktor Dukhovni:
The OpenSSL API does not provide an interface to allow older programs
to disable new protocol versions defined in later versions of the API.
Therefore, to disable TLS 1.1 or 1.2 one has to add code that uses
the new constants introduced with OpenSSL 1.0.1.
Proposed patch
On Sun, Apr 22, 2012 at 03:12:26PM -0400, Wietse Venema wrote:
Proposed patch attached.
That will be a solution for Postfix 2.10.
Meanwhile, for earlier Postfix releases, how much of the problem
can be solved by changing from:
mumble_tls_mandatory_protocols = SSLv3, TLSv1
(i.e.
Viktor Dukhovni:
On Sun, Apr 22, 2012 at 03:12:26PM -0400, Wietse Venema wrote:
Proposed patch attached.
That will be a solution for Postfix 2.10.
Meanwhile, for earlier Postfix releases, how much of the problem
can be solved by changing from:
On Sun, Apr 22, 2012 at 03:28:43PM -0400, Wietse Venema wrote:
Why do we need to have (expr TLS_KNOWN_PROTOCOLS) in the code
in the first place? If we get rid of it, then we don't have to
rush out patches each time the OpenSSL team comes out with a
new incompatible protocol.
The
Viktor Dukhovni:
On Sun, Apr 22, 2012 at 03:28:43PM -0400, Wietse Venema wrote:
Why do we need to have (expr TLS_KNOWN_PROTOCOLS) in the code
in the first place? If we get rid of it, then we don't have to
rush out patches each time the OpenSSL team comes out with a
new incompatible
On Sun, Apr 22, 2012 at 04:13:03PM -0400, Wietse Venema wrote:
On Sun, Apr 22, 2012 at 03:28:43PM -0400, Wietse Venema wrote:
Why do we need to have (expr TLS_KNOWN_PROTOCOLS) in the code
in the first place? If we get rid of it, then we don't have to
rush out patches each time the
Based on input from Victor I'll put out a 2.10 development release
that makes the minimum changes to support the new OpenSSL protocols.
This may then be back-ported to earlier Postfix releases if needed.
Meanwhile, Victor will start work on future-proofing Postfix, such
that it will be prepared
Wietse Venema:
Based on input from Victor I'll put out a 2.10 development release
that makes the minimum changes to support the new OpenSSL protocols.
This may then be back-ported to earlier Postfix releases if needed.
Meanwhile, Victor will start work on future-proofing Postfix, such
that
10 matches
Mail list logo