Difference between revisions of "TLS Problems"
From Roaring Penguin
Revision as of 15:20, 20 June 2014
We've found that Debian 7's version of OpenSSL has problems interoperating with some other SSL implementations. Here are some things you can try:
- Add this to the end of /etc/mail/sendmail.mc:
  --> LOCAL_CONFIG
  --> dnl # Do not allow SSLv2 and weak ciphers
  --> O CipherList=HIGH:MEDIUM:!ADH:!MD5:!SSLv2
  --> O ClientSSLOptions=+SSL_OP_NO_TLSv1
  After you add the above lines, type:
  --> make -C /etc/mail && /etc/init.d/sendmail reload
- If that doesn't help, you have to disable TLS with the machine gwmail.bradescoseguros.com.br. Put this line in /etc/mail/access:
  --> Try_TLS:gwmail.bradescoseguros.com.br NO
  and again:
  --> make -C /etc/mail
- If that still does not work, you may have to disable STARTTLS for now by removing
  --> include(`/etc/mail/tls/starttls.m4')dnl
  from sendmail.mc and running
  --> make -C /etc/mail && /etc/init.d/sendmail reload
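
An added example, not part of the original wiki page: before removing STARTTLS altogether, this script scans a sendmail mail log for failed outbound TLS handshakes and prints the matching Try_TLS access entries, so TLS is switched off only for the relays that need it. The log lines are constructed, and their layout, the function names and the failure threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): find relays whose outbound
# STARTTLS handshake failed and print them as Try_TLS access-map lines.

# Constructed sample log lines; the layout is an assumption modelled on
# sendmail's "ruleset=tls_server ... TLS handshake failed" messages.
sample_maillog() {
cat <<'EOF'
Jun 20 15:01:02 mx sendmail[2101]: ruleset=tls_server, arg1=SOFTWARE, relay=gwmail.bradescoseguros.com.br, reject=403 4.7.0 TLS handshake failed.
Jun 20 15:03:10 mx sendmail[2140]: STARTTLS=client, relay=mail.example.org., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Jun 20 15:06:44 mx sendmail[2188]: ruleset=tls_server, arg1=SOFTWARE, relay=gwmail.bradescoseguros.com.br., reject=403 4.7.0 TLS handshake failed.
Jun 20 15:09:30 mx sendmail[2230]: ruleset=tls_server, arg1=SOFTWARE, relay=mx.example.net, reject=403 4.7.0 TLS handshake failed.
EOF
}

# try_tls_entries MIN: read a mail log on stdin and print one
# "Try_TLS:<relay> NO" line per relay with at least MIN failed handshakes
# (default 2, so a single transient failure does not exempt a host).
try_tls_entries() {
  awk -v min="${1:-2}" '
    /ruleset=tls_server/ && /TLS handshake failed/ {
      if (match($0, /relay=[^, ]+/)) {
        host = tolower(substr($0, RSTART + 6, RLENGTH - 6))
        sub(/\.$/, "", host)        # "host." and "host" are the same relay
        fails[host]++
      }
    }
    END {
      for (h in fails)
        if (fails[h] >= min) printf "Try_TLS:%s NO\n", h
    }
  ' | sort
}

# On a real system, feed the mail log instead (path is an assumption):
#   try_tls_entries 2 < /var/log/mail.log
sample_maillog | try_tls_entries 2
```

Review the printed entries before adding them to /etc/mail/access; mail to every host listed there is then sent without TLS.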