-- Le (On) 2015-07-10 -0700 à (at) 08:59:56 Akemi Yagi écrivit (wrote): --

> On Fri, Jul 10, 2015 at 6:53 AM, Franchisseur Robert
> <rob...@franchisseur.fr> wrote:
> > Hello,
> >
> > since last security update of openssl I cannot send mail with sendmail
> > on SL5
> > <snip>
> >
> > so I had to downgrade openssl on both sides to make that work.
> >
> > Does anyone know what is to be done to use the last openssl?
> 
> This must be related to :
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1228892
> 
> Comment 3 says, "That means the servers use seriously insecure DH
> parameters (shorter than 768 bits).
> 
> Can you specify the TLS ciphersuite string in the client? If so, just
> set DEFAULT:!EDH:!DHE as the ciphersuites and you should be able to
> connect."
> 
> Akemi

       Thank you Akemi, it works well on the clients.


-- Le (On) 2015-07-10 +0000 à (at) 16:19:53 Brandon Vincent (Student) écrivit (wrote): --

> I'd just update the server-side configuration to use more robust 
> Diffie-Hellman parameters.
> 
> Generate the parameters:
> openssl dhparam -out dhparam.pem -2 2048
> 
> In your sendmail.cf:
> define(`confDH_PARAMETERS',`/etc/mail/certs/dhparam.pem')
> 
> Brandon Vincent

       Thank you Brandon,

       I did that on the server, and now I do not have to use Akemi's
       workaround on the clients.


-- Le (On) 2015-07-10 -0400 à (at) 17:10:10 R P Herrold écrivit (wrote): --

> On Fri, 10 Jul 2015, Franchisseur Robert wrote:
> 
> > since last security update of openssl I cannot send mail with sendmail
> > on SL5
> 
> I confirm that we received the same error when we applied the 
> OpenSSL update, and had to revert as well; remember to add an 
> 'exclude' rule in yum.conf to block it against future updates
> 
> We are in the process of leaving '5' for mailservers and 
> webservers (to get the later TLS versions), so are not 
> actively seeking a fix
> 
> -- Russ herrold

       Thank you Russ,

       you can apply Brandon's workaround before upgrading SL;
       it works very well.

-- 
                 Best regards,
                               Robert FRANCHISSEUR
 ____ Apollo_gist :-)_______________________________________________
| Robert FRANCHISSEUR                 Phone  : +33 (0)950  635  636 |
| 30 rue René Hamon                   Phone  : +33 (0)1 46 78 37 29 |
| F-94800 VILLEJUIF            e-mail : Robert at Franchisseur . fr |
 -------------------------------------------------------------------
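
Added example, not part of the original thread: a shell check that reads `openssl s_client` output and reports which Diffie-Hellman size the mail server offers, useful for confirming the `confDH_PARAMETERS` change discussed above took effect. The function names, the placeholder host and the sample lines are assumptions constructed for illustration; the 2048-bit default comes from the `openssl dhparam` command quoted in the thread.

```shell
#!/bin/sh
# Added example: classify the DH size seen in `openssl s_client` output.
# MIN_BITS defaults to the 2048 used in the dhparam command in this thread.
MIN_BITS=${MIN_BITS:-2048}

# Reads an s_client transcript on stdin and prints one verdict:
#   rejected   the local OpenSSL refused the server's DH parameters
#   short N    finite-field DH offered, but N < MIN_BITS
#   ok N       finite-field DH offered with N >= MIN_BITS
#   no-dh      no DH temp key reported (ECDH, RSA key exchange, old s_client)
# Returns non-zero for "rejected" and "short".
classify_dh() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'dh key too small'; then
        echo "rejected"; return 1
    fi
    bits=$(printf '%s\n' "$out" |
        sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p' | head -n 1)
    if [ -z "$bits" ]; then
        echo "no-dh"; return 0
    fi
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "short $bits"; return 1
    fi
    echo "ok $bits"
}

# Live check against your own server, e.g. check_server mail.example.org:25
# (placeholder host). -cipher EDH asks for DHE suites only, so any DH temp
# key reported is the group the server is actually handing out.
check_server() {
    openssl s_client -connect "$1" -starttls smtp -cipher EDH \
        </dev/null 2>&1 | classify_dh
}

# Constructed sample lines (not captured from a real server).
for sample in \
    'Server Temp Key: DH, 1024 bits' \
    'Server Temp Key: DH, 2048 bits' \
    'Server Temp Key: ECDH, P-256, 256 bits' \
    'error:SSL routines:ssl3_check_cert_and_algorithm:dh key too small'
do
    printf '%-70s -> ' "$sample"
    printf '%s\n' "$sample" | classify_dh || true
done
```

The `Server Temp Key` line is only printed by newer `s_client` builds; an older client yields `no-dh` even when DHE was negotiated.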
