Difference between revisions of "TLS Problems"
From Roaring Penguin
| Line 6: | Line 6: | ||
:<tt>--> LOCAL_CONFIG</tt> | :<tt>--> LOCAL_CONFIG</tt> | ||
:<tt>--> dnl # Do not allow SSLv2 and weak ciphers</tt> | :<tt>--> dnl # Do not allow SSLv2 and weak ciphers</tt> | ||
| − | + | :<tt>--> O CipherList=HIGH:MEDIUM:!ADH:!MD5:!SSLv2</tt> | |
| − | + | :<tt>--> O ClientSSLOptions=+SSL_OP_NO_TLSv1</tt> | |
<br>After you add the above lines, type: | <br>After you add the above lines, type: | ||
| − | + | :<tt>--> make -C /etc/mail && /etc/init.d/sendmail reload</tt> | |
<li>If that doesn't help, you have to disable TLS with the machine gwmail.bradescoseguros.com.br. Put this lines in /etc/mail/access: | <li>If that doesn't help, you have to disable TLS with the machine gwmail.bradescoseguros.com.br. Put this lines in /etc/mail/access: | ||
| − | + | :<tt>--> Try_TLS:gwmail.bradescoseguros.com.br NO</tt> | |
<br>and again: | <br>and again: | ||
| − | + | :<tt>--> make -C /etc/mail</tt> | |
<li>If that still does not work, you may have to disable STARTTLS for now by removing | <li>If that still does not work, you may have to disable STARTTLS for now by removing | ||
<br><tt>--> include(`/etc/mail/tls/starttls.m4')dnl from sendmail.mc </tt> | <br><tt>--> include(`/etc/mail/tls/starttls.m4')dnl from sendmail.mc </tt> | ||
<br>and running | <br>and running | ||
| − | + | :<tt>--> make -C /etc/mail && /etc/init.d/sendmail reload</tt> | |
</ol> | </ol> | ||
<div style="float:right; clear:both; margin-right:0.5em">[[Support Wiki | [Home]]]</div> | <div style="float:right; clear:both; margin-right:0.5em">[[Support Wiki | [Home]]]</div> | ||
[[category:All]][[category:Security]] | [[category:All]][[category:Security]] | ||
Revision as of 16:21, 20 June 2014
We've found that Debian 7's version of OpenSSL has problems interoperating with some other SSL implementations. Here are some things you can try:
- Add this to the end of /etc/mail/sendmail.mc:
- --> LOCAL_CONFIG
- --> dnl # Do not allow SSLv2 and weak ciphers
- --> O CipherList=HIGH:MEDIUM:!ADH:!MD5:!SSLv2
- --> O ClientSSLOptions=+SSL_OP_NO_TLSv1
After you add the above lines, type:- --> make -C /etc/mail && /etc/init.d/sendmail reload
- If that doesn't help, you have to disable TLS with the machine gwmail.bradescoseguros.com.br. Put this lines in /etc/mail/access:
- --> Try_TLS:gwmail.bradescoseguros.com.br NO
and again:- --> make -C /etc/mail
- If that still does not work, you may have to disable STARTTLS for now by removing
--> include(`/etc/mail/tls/starttls.m4')dnl from sendmail.mc
and running- --> make -C /etc/mail && /etc/init.d/sendmail reload
