Difference between revisions of "TLS Problems"

From Roaring Penguin

Revision as of 15:06, 20 June 2014

We've found that Debian 7's version of OpenSSL has problems interoperating with some other SSL implementations. Here are some things you can try:

  1. Add this to the end of /etc/mail/sendmail.mc:
    LOCAL_CONFIG
    dnl # Do not allow SSLv2 and weak ciphers
    O CipherList=HIGH:MEDIUM:!ADH:!MD5:!SSLv2
    O ClientSSLOptions=+SSL_OP_NO_TLSv1
    After you add the above lines, type:
    --> make -C /etc/mail && /etc/init.d/sendmail reload
  2. If that doesn't help, you have to disable TLS with the machine gwmail.bradescoseguros.com.br. Put this line in /etc/mail/access:
    --> Try_TLS:gwmail.bradescoseguros.com.br NO
    and again:
    make -C /etc/mail
  3. If that still does not work, you may have to disable STARTTLS for now by removing this line from sendmail.mc:
    --> include(`/etc/mail/tls/starttls.m4')dnl
    and running
    --> make -C /etc/mail && /etc/init.d/sendmail reload
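
Steps 2 and 3 turn encryption off, for one host or for every peer, so it helps to be able to list which workarounds are currently in place and revert them later. The script below is an added example, not part of the original wiki page: the function names, the host mx.example.net and the sample files are constructed for illustration, and the script only reads the files it is given.

```shell
#!/bin/sh
# Added example: report which TLS workarounds are active so they can be
# reverted later. File paths are arguments; nothing here edits the config.

# Hosts for which outbound STARTTLS is off ("Try_TLS:<host> NO" in access).
tls_exempt_hosts() {
    awk '!/^[ \t]*#/ && $1 ~ /^Try_TLS:/ && toupper($2) == "NO" {
             sub(/^Try_TLS:/, "", $1); print $1 }' "$1"
}

# Succeeds if sendmail.mc still includes starttls.m4 on a non-"dnl" line.
starttls_enabled() {
    grep -v '^[[:space:]]*dnl' "$1" | grep -q 'include(.*starttls\.m4'
}

# Last CipherList value set in sendmail.mc (empty if none).
cipher_list() {
    sed -n 's/^[[:space:]]*O[[:space:]]*CipherList=//p' "$1" | tail -n 1
}

audit() {  # $1 = sendmail.mc, $2 = access
    echo "CipherList: $(cipher_list "$1")"
    if starttls_enabled "$1"; then echo "STARTTLS: enabled"
    else echo "STARTTLS: DISABLED for all peers"; fi
    for h in $(tls_exempt_hosts "$2"); do
        echo "cleartext exception: $h"
    done
}

# Constructed sample files (not taken from a real system).
tmp=$(mktemp -d)
cat > "$tmp/sendmail.mc" <<'EOF'
include(`/etc/mail/tls/starttls.m4')dnl
LOCAL_CONFIG
dnl # Do not allow SSLv2 and weak ciphers
O CipherList=HIGH:MEDIUM:!ADH:!MD5:!SSLv2
EOF
cat > "$tmp/access" <<'EOF'
# constructed entries
Try_TLS:mx.example.net    NO
Connect:192.0.2.10        RELAY
EOF
# Variant with the include commented out, as after step 3.
printf 'dnl include(`/etc/mail/tls/starttls.m4%s)dnl\n' "'" > "$tmp/off.mc"
audit "$tmp/sendmail.mc" "$tmp/access"
```

On a real system, call `audit /etc/mail/sendmail.mc /etc/mail/access` instead of the sample files.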