Difference between revisions of "TLS Problems"

From Roaring Penguin
Line 4: Line 4:
 
<ol>
 
<ol>
 
<li>Add this to the end of /etc/mail/sendmail.mc:
 
<li>Add this to the end of /etc/mail/sendmail.mc:
<br><tt>:--> LOCAL_CONFIG</tt>
+
:<tt>--> LOCAL_CONFIG</tt>
:<br><tt>--> dnl # Do not allow SSLv2 and weak ciphers</tt>
+
:<tt>--> dnl # Do not allow SSLv2 and weak ciphers</tt>
 
<br><tt>--> O CipherList=HIGH:MEDIUM:!ADH:!MD5:!SSLv2</tt>
 
<br><tt>--> O CipherList=HIGH:MEDIUM:!ADH:!MD5:!SSLv2</tt>
 
<br><tt>--> O ClientSSLOptions=+SSL_OP_NO_TLSv1</tt>
 
<br><tt>--> O ClientSSLOptions=+SSL_OP_NO_TLSv1</tt>
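Review bot: the markup conversion stops halfway through the block. Only the LOCAL_CONFIG and dnl lines are changed to the ":<tt>-->" indent form, while the "O CipherList" and "O ClientSSLOptions" lines still begin with "<br><tt>-->", so the four lines of one configuration block are written in two different styles. Convert the last two lines to ":<tt>--> ...</tt>" as well so the block renders as one indented unit. Separately, the dnl comment mentions only SSLv2 and weak ciphers, although the block also sets ClientSSLOptions=+SSL_OP_NO_TLSv1; a comment covering that line would make the intent of the block clear.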

Revision as of 15:20, 20 June 2014

We've found that Debian 7's version of OpenSSL has problems interoperating with some other SSL implementations. Here are some things you can try:

  1. Add this to the end of /etc/mail/sendmail.mc:
    --> LOCAL_CONFIG
    --> dnl # Do not allow SSLv2 and weak ciphers
    --> O CipherList=HIGH:MEDIUM:!ADH:!MD5:!SSLv2
    --> O ClientSSLOptions=+SSL_OP_NO_TLSv1
    After you add the above lines, type:
    --> make -C /etc/mail && /etc/init.d/sendmail reload
  2. If that doesn't help, you have to disable TLS for the host gwmail.bradescoseguros.com.br. Put this line in /etc/mail/access:
    --> Try_TLS:gwmail.bradescoseguros.com.br NO
    and again:
    --> make -C /etc/mail
  3. If that still does not work, you may have to disable STARTTLS for now by removing
    --> include(`/etc/mail/tls/starttls.m4')dnl
    from sendmail.mc and running
    --> make -C /etc/mail && /etc/init.d/sendmail reload
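
Steps 2 and 3 turn TLS off (for one host, or entirely) and are meant as temporary measures, so it helps to be able to check later which of the three steps are still in place. The script below is an added example, not part of the original page or of Roaring Penguin's software; the function names are hypothetical, and it only reads the two files passed to it.

```shell
#!/bin/sh
# Added example: report which of the three workaround steps from this page
# are present in a sendmail.mc and an access file. Nothing is modified.
# Usage: audit_tls_workarounds /etc/mail/sendmail.mc /etc/mail/access

# Step 1: both "O" lines from the page appear after a LOCAL_CONFIG marker.
has_step1() {  # $1 = sendmail.mc
    awk '
        /^LOCAL_CONFIG/                                       { local = 1; next }
        local && /^O[ \t]+CipherList=/                        { cipher = 1 }
        local && /^O[ \t]+ClientSSLOptions=.*SSL_OP_NO_TLSv1/ { opts = 1 }
        END { exit !(cipher && opts) }
    ' "$1"
}

# Step 2: print every host that has a "Try_TLS:<host> NO" entry.
tls_disabled_hosts() {  # $1 = access file
    awk '
        /^[ \t]*#/ { next }
        $1 ~ /^Try_TLS:/ && $2 == "NO" { sub(/^[^:]*:/, "", $1); print $1 }
    ' "$1"
}

# Step 3: succeeds only if the starttls.m4 include is still active.
# A line commented out as "dnl include(...)" counts as removed.
starttls_included() {  # $1 = sendmail.mc
    grep -q "^include(\`/etc/mail/tls/starttls.m4')" "$1"
}

# Returns 1 if TLS is switched off for any host (step 2) or entirely (step 3).
audit_tls_workarounds() {  # $1 = sendmail.mc, $2 = access file
    status=0
    if has_step1 "$1"; then
        echo "step 1 present: CipherList/ClientSSLOptions override in $1"
    fi
    hosts=$(tls_disabled_hosts "$2")
    if [ -n "$hosts" ]; then
        echo "step 2 present: TLS not attempted to: $hosts"
        status=1
    fi
    if ! starttls_included "$1"; then
        echo "step 3 present: starttls.m4 include missing from $1"
        status=1
    fi
    return $status
}
```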