Your message dated Mon, 17 Oct 2016 21:59:13 +0200
with message-id <20161017195913.qert4y5egpoty...@breakpoint.cc>
and subject line Re: [Pkg-openssl-devel] Bug#838765: Bug#838765: openssl: Last 
upgrade broke TLS for Outlook under XP
has caused the Debian Bug report #838765,
regarding openssl: Last upgrade broke TLS for Outlook under XP
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
838765: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838765
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openssl
Version: 1.0.1t-1+deb8u4
Severity: normal

Dear Maintainer,

tonights update of OpenSSL (1.0.1t-1+deb8u3, 1.0.1t-1+deb8u4) broke the
connection between an Outlook 2007 (12.0.6744.500) under Windows XP and 
a postfix under Debian.

See the following log of a connection-try:

-- beginn ---

Sep 23 11:26:42 hermes postfix/smtpd[30240]: setting up TLS connection from
X.Y.Z.invalid[10.X.Y.Z]
Sep 23 11:26:42 hermes postfix/smtpd[30240]:
X.Y.Z.invalid[10.X.Y.Z]: TLS cipher list
"aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL_accept:before/accept
initialization
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL3 alert
write:fatal:handshake failure
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL_accept:error in error
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL_accept:error in error
Sep 23 11:26:42 hermes postfix/smtpd[30240]: SSL_accept error from
X.Y.Z.invalid[10.X.Y.Z]: -1
Sep 23 11:26:42 hermes postfix/smtpd[30240]: warning: TLS library problem:
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:1440:
Sep 23 11:26:42 hermes postfix/smtpd[30240]: lost connection after STARTTLS
from X.Y.Z.invalid[10.X.Y.Z]

-- end ---

The connection worked fine yesterday and no change was done at Outlook or
Postfix.

The TSL-config in postfix is the following (shortened):

-- beginn ---

smtpd_use_tls=yes
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1

smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3

tls_preempt_cipherlist      = yes
smtpd_tls_mandatory_ciphers = high
smtpd_tls_ciphers           = medium

smtp_tls_mandatory_ciphers  = $smtpd_tls_mandatory_ciphers
smtp_tls_ciphers            = $smtpd_tls_ciphers

smtpd_tls_eecdh_grade = strong

-- end ---


Of course I’m willing to submit further information if needed.

Sincererly,
DaB.

-- System Information:
Debian Release: 8.4
  APT prefers oldstable
  APT policy: (900, 'oldstable'), (400, 'stable'), (301, 'oldoldstable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to de_DE.UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Versions of packages openssl depends on:
ii  libc6        2.19-18+deb8u4
ii  libssl1.0.0  1.0.1t-1+deb8u4

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20130119+deb7u1

-- no debconf information

--- End Message ---
--- Begin Message ---
On 2016-09-24 17:26:30 [+0200], Kurt Roeckx wrote:
> On Fri, Sep 23, 2016 at 12:57:13PM +0000, DaB. wrote:
> > X.Y.Z.invalid[10.X.Y.Z]: TLS cipher list
> > "aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH"
> [...]
> > Sep 23 11:26:42 hermes postfix/smtpd[30240]: warning: TLS library problem:
> > error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> > cipher:s3_srvr.c:1440:
> 
> With those settings that's expected.

closing since it is not an openssl bug but openssl addressing sweet32
(and moving 3des from high to medium class).

Sebastian

--- End Message ---

Reply via email to