Difference between revisions of "TLS Problems"
From Roaring Penguin
| Line 15: | Line 15: | ||
:<tt>--> make -C /etc/mail</tt> | :<tt>--> make -C /etc/mail</tt> | ||
<li>If that still does not work, you may have to disable STARTTLS for now by removing | <li>If that still does not work, you may have to disable STARTTLS for now by removing | ||
| − | + | <tt>--> include(`/etc/mail/tls/starttls.m4')dnl from sendmail.mc </tt> | |
and running: | and running: | ||
:<tt>--> make -C /etc/mail && /etc/init.d/sendmail reload</tt> | :<tt>--> make -C /etc/mail && /etc/init.d/sendmail reload</tt> | ||
Revision as of 15:41, 20 June 2014
We've found that Debian 7's version of OpenSSL has problems interoperating with some other SSL implementations. Here are some things you can try:
- Add this to the end of /etc/mail/sendmail.mc:
- --> LOCAL_CONFIG
- --> dnl # Do not allow SSLv2 and weak ciphers
- --> O CipherList=HIGH:MEDIUM:!ADH:!MD5:!SSLv2
- --> O ClientSSLOptions=+SSL_OP_NO_TLSv1
- --> make -C /etc/mail && /etc/init.d/sendmail reload
- If that doesn't help, you have to disable TLS with the machine gwmail.bradescoseguros.com.br. Put this lines in /etc/mail/access:
- --> Try_TLS:gwmail.bradescoseguros.com.br NO
- --> make -C /etc/mail
- If that still does not work, you may have to disable STARTTLS for now by removing
--> include(`/etc/mail/tls/starttls.m4')dnl from sendmail.mc
and running:
- --> make -C /etc/mail && /etc/init.d/sendmail reload
