Your message dated Fri, 23 Feb 2018 22:50:33 +0000
with message-id <e1epmaj-00053k...@fasolo.debian.org>
and subject line Bug#873334: fixed in postfix 3.3.0-1
has caused the Debian Bug report #873334,
regarding postfix: Enable all TLS protocols
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
873334: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873334
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: postfix
Version: 3.2.2-1
Tags: patch
Hi,
I've attached a patch that overrides the default TLS 1.2 version
in OpenSSL with all the supported TLS versions. Since postfix only
uses this for opportunistic encryption, it should be fine to do
this by default for now.
I assume that at some point postfix upstream will add proper
support for the SSL_CTX_set_min_proto_version() way of setting
the minimum TLS version from the config file, I suggest you use
this patch until that time.
Kurt
--- src/tls/tls_server.c.bak 2017-08-26 18:12:06.356346925 +0200
+++ src/tls/tls_server.c 2017-08-26 18:13:51.550177486 +0200
@@ -517,6 +517,9 @@
if (protomask != 0)
SSL_CTX_set_options(server_ctx, TLS_SSL_OP_PROTOMASK(protomask));
+ /* Enable all supported protocols */
+ SSL_CTX_set_min_proto_version(server_ctx, 0);
+
/*
* Some sites may want to give the client less rope. On the other hand,
* this could trigger inter-operability issues, the client should not
--- src/tls/tls_client.c.bak 2017-08-26 18:16:27.578954578 +0200
+++ src/tls/tls_client.c 2017-08-26 18:15:04.300674851 +0200
@@ -375,6 +375,9 @@
off |= tls_bug_bits();
SSL_CTX_set_options(client_ctx, off);
+ /* Enable all supported protocols */
+ SSL_CTX_set_min_proto_version(client_ctx, 0);
+
/*
* Set the call-back routine for verbose logging.
*/
--- End Message ---
--- Begin Message ---
Source: postfix
Source-Version: 3.3.0-1
We believe that the bug you reported is fixed in the latest version of
postfix, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 873...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Scott Kitterman <sc...@kitterman.com> (supplier of updated postfix package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 23 Feb 2018 03:05:27 -0500
Source: postfix
Binary: postfix postfix-ldap postfix-lmdb postfix-cdb postfix-pcre
postfix-mysql postfix-pgsql postfix-sqlite postfix-doc
Architecture: source amd64 all
Version: 3.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: LaMont Jones <lam...@debian.org>
Changed-By: Scott Kitterman <sc...@kitterman.com>
Description:
postfix - High-performance mail transport agent
postfix-cdb - CDB map support for Postfix
postfix-doc - Documentation for Postfix
postfix-ldap - LDAP map support for Postfix
postfix-lmdb - LMDB map support for Postfix
postfix-mysql - MySQL map support for Postfix
postfix-pcre - PCRE map support for Postfix
postfix-pgsql - PostgreSQL map support for Postfix
postfix-sqlite - SQLite map support for Postfix
Closes: 873334
Changes:
postfix (3.3.0-1) unstable; urgency=medium
.
[Wietse Venema]
.
* 3.3.0
.
[Scott Kitterman]
.
* Remove debian/patches/02_kfreebsd_support.diff - Obsolete
* Refresh patches
* Add debian/patches/tls_version.diff to enable all supported TLS versions.
Closes: #873334
* Install examples alongside the other documentation in /usr/share/doc/
postfix/ vice /usr/share/doc/postfix-doc/
Checksums-Sha1:
b0e81cd8234e7e7a6d46733898afbceb2cc8b3ff 2674 postfix_3.3.0-1.dsc
424dfdf567998291ad2f2c81466a4dd5834ebee2 4419450 postfix_3.3.0.orig.tar.gz
5fc4f68fa9e115afb78f110a1693b72d1ea34ad1 193628 postfix_3.3.0-1.debian.tar.xz
15cf7d308d3489b42c76f616a4fd84a1237806cb 2428
postfix-cdb-dbgsym_3.3.0-1_amd64.deb
02f3e1b5020cd278cf0dffd21558f47df76dc8e1 325740 postfix-cdb_3.3.0-1_amd64.deb
db9171d57ee9d76ba9af8a47baa8f5eb75067863 97400 postfix-dbgsym_3.3.0-1_amd64.deb
10f0df86d8c09a4d2bc684f1c057d00bb81abcb8 1190740 postfix-doc_3.3.0-1_all.deb
44a3fa942ef25259a05f615eaaf77d575f8c4379 3116
postfix-ldap-dbgsym_3.3.0-1_amd64.deb
21b70238bcdd4c68299553265667c9828f91a6f7 343240 postfix-ldap_3.3.0-1_amd64.deb
718c6163db1d25fad1c5986a04d7978d7a31c49d 2784
postfix-lmdb-dbgsym_3.3.0-1_amd64.deb
9627b457fa9c7cc7242d162b4e9fb4acf824669f 330944 postfix-lmdb_3.3.0-1_amd64.deb
d541cbf95f5f646b8843bfad5f3c71de6778d02d 2728
postfix-mysql-dbgsym_3.3.0-1_amd64.deb
2ed253fe34068178e43ed1cbbf9b2939ed1d8b36 333596 postfix-mysql_3.3.0-1_amd64.deb
9e8521d2f96549763e2f7a24f6807d22c01b3a25 2528
postfix-pcre-dbgsym_3.3.0-1_amd64.deb
13b51df75b30ce5e650e6cbb25a87ff3438e66b3 331432 postfix-pcre_3.3.0-1_amd64.deb
36e58212201d54a37168db67e6ced5f41d7a20ea 2664
postfix-pgsql-dbgsym_3.3.0-1_amd64.deb
3156ef3e893aa0f237cf52610fce45efe1676cfe 332132 postfix-pgsql_3.3.0-1_amd64.deb
f5cc3a95828c45d4e67da3a3ff98998e138fd498 2488
postfix-sqlite-dbgsym_3.3.0-1_amd64.deb
8e7485fbfc8fe29ac8f131d201d1b802b2b26ca9 329188
postfix-sqlite_3.3.0-1_amd64.deb
ce3a22a47fe296bbf81d24a6fb9464286e25611f 10918 postfix_3.3.0-1_amd64.buildinfo
2aa3478807503f20a5d1dde3f56ed64d03f2882b 1450420 postfix_3.3.0-1_amd64.deb
Checksums-Sha256:
d2ffc084706c9231906c5e37e7e0098c17755dcb970c07e6731d0cf5a84f21f5 2674
postfix_3.3.0-1.dsc
7942e89721e30118d7050675b0d976955e3160e21f7898b85a79cac4f4baef39 4419450
postfix_3.3.0.orig.tar.gz
0c85625492a646dc574801bfbf17b80fef7219f57a94c2eb85e8afa7ccec6a8f 193628
postfix_3.3.0-1.debian.tar.xz
aaa1abb62f63aff59efe0b6c375b544b893ba09721ee52af88b0ce016d63b3f7 2428
postfix-cdb-dbgsym_3.3.0-1_amd64.deb
a019a101233fc7cfe88ea1ea7b14ac0359da473fafff54213f77c8bb0c7c6d0d 325740
postfix-cdb_3.3.0-1_amd64.deb
64a85a4910689613ac2adff41884f46168766750ba96622fc270b76bfb7afe79 97400
postfix-dbgsym_3.3.0-1_amd64.deb
6c60994c83995e227cb00207e9a1f9899ccd39bbb2b8135447d27a6847799061 1190740
postfix-doc_3.3.0-1_all.deb
ab2fc61e76668f851f9fbb3f142ad2238c675de92402f48949aadd0130f1efba 3116
postfix-ldap-dbgsym_3.3.0-1_amd64.deb
68721f89f125eec88a817ead1d74c76366042479d169538759141796d3351967 343240
postfix-ldap_3.3.0-1_amd64.deb
31881d9a4a518f48696404928404955c39ab18424bdd369456c5fe443d0a06c7 2784
postfix-lmdb-dbgsym_3.3.0-1_amd64.deb
bba954f0d172a8db4379b4691d2ca7fe67b0480480dd9c3ccf0a31674149e39f 330944
postfix-lmdb_3.3.0-1_amd64.deb
c811b5bb967bbedc7c0bc0bffcebccf4ccebddefb8e7ab3a9f84b4f85155ba10 2728
postfix-mysql-dbgsym_3.3.0-1_amd64.deb
8cdbdcd0298bf1020e6b2eb424d8480bf3181fc936b310f41bf75e78b1049f1a 333596
postfix-mysql_3.3.0-1_amd64.deb
07b8a6d0e3d709fc5faf7d598836e40443be94019737630c18605a6faf3e417f 2528
postfix-pcre-dbgsym_3.3.0-1_amd64.deb
ead6e2f53e3af2893a744a3235d301d8e2e598e6253a3259e82185d9caf8dcb4 331432
postfix-pcre_3.3.0-1_amd64.deb
f4cf6c4615fb43f25c249397b0c4e3d11d09cfb266854f260cfc4ae75b0fbe70 2664
postfix-pgsql-dbgsym_3.3.0-1_amd64.deb
941f4029b3457e90db94fa080789cd1a3435bc534046a7b74d2e6aa67d7fd710 332132
postfix-pgsql_3.3.0-1_amd64.deb
1a03ec3cdcbef64369b75e848823db955decf271b684d0d980125f04c26cb09d 2488
postfix-sqlite-dbgsym_3.3.0-1_amd64.deb
d19c32fc33027b954b61bb434688d20d936dac3c3a56f65015bb616d3f484109 329188
postfix-sqlite_3.3.0-1_amd64.deb
dece80eb05fd122763479e06476a9ce39dae09a302f7c651d1b727ea03368dde 10918
postfix_3.3.0-1_amd64.buildinfo
dccab9f57fbc3e64d2f08154058a35e8665d3fd0011372aefd9ab5fee93acc45 1450420
postfix_3.3.0-1_amd64.deb
Files:
72406db5ca1c0606321779a6ddcc7dab 2674 mail optional postfix_3.3.0-1.dsc
26529f3fdb668482176355e90a546a11 4419450 mail optional
postfix_3.3.0.orig.tar.gz
ee60aad8b89f755d58f4d285844adddb 193628 mail optional
postfix_3.3.0-1.debian.tar.xz
ad244ab9e26e0cca4e2baa981d04e6d8 2428 debug optional
postfix-cdb-dbgsym_3.3.0-1_amd64.deb
c04fca78a11a230036882a074fb0a48e 325740 mail optional
postfix-cdb_3.3.0-1_amd64.deb
81be90fe03b34b44a8941a4eb0b686b9 97400 debug optional
postfix-dbgsym_3.3.0-1_amd64.deb
105fc193e07b25a2c98f3416365990b4 1190740 doc optional
postfix-doc_3.3.0-1_all.deb
046a35e37178cfca13ee5e8cfaf75026 3116 debug optional
postfix-ldap-dbgsym_3.3.0-1_amd64.deb
af3499b90ce9f85ac9570d3abcc357d7 343240 mail optional
postfix-ldap_3.3.0-1_amd64.deb
f2b98e3217032fe0226a76f2bae2673e 2784 debug optional
postfix-lmdb-dbgsym_3.3.0-1_amd64.deb
a22ae6946d0aebf378afb671a9f8f088 330944 mail optional
postfix-lmdb_3.3.0-1_amd64.deb
c1ffc0ce0699726eaad67cb5e339cd70 2728 debug optional
postfix-mysql-dbgsym_3.3.0-1_amd64.deb
a1ce26819245022bc5c85347cebab92a 333596 mail optional
postfix-mysql_3.3.0-1_amd64.deb
bba745fa2edef6064671e1d30102be67 2528 debug optional
postfix-pcre-dbgsym_3.3.0-1_amd64.deb
a27b3c4c93e28b7426ddda391d6802b7 331432 mail optional
postfix-pcre_3.3.0-1_amd64.deb
b0b02e92f2e9d4216e62b5cd216e5537 2664 debug optional
postfix-pgsql-dbgsym_3.3.0-1_amd64.deb
83d299844f195f3d278e424ae2062078 332132 mail optional
postfix-pgsql_3.3.0-1_amd64.deb
ca09a1ae719d2f6b285f1dad13f1f9b4 2488 debug optional
postfix-sqlite-dbgsym_3.3.0-1_amd64.deb
b4c07fbab6c6331f68e0dda1fc8063ac 329188 mail optional
postfix-sqlite_3.3.0-1_amd64.deb
fb685d8b2d55ee1808cc61cf84d8ab19 10918 mail optional
postfix_3.3.0-1_amd64.buildinfo
d2ec4349e6249f4b0ba8d3e66419768e 1450420 mail optional
postfix_3.3.0-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJakJUoAAoJEHjX3vua1ZrxUmUP+QF4KBP2xp4cQ3HWMf2WcU/h
SRgJ6KATApxCInnx8LZ5rYBy3f+0a8TDsjeLUnglCNEUsex9ZXTqoNc+t2bikReH
S45icF5N6vJgi8C2W3EzV4Ryh5AaxqMh4IYsvx4AhfbMBOQ1ywUZ+p8jtCQXRSNn
plOQxM/rrQmNeNG9q/g7eB+o/QiEBu+i5CgqgOF8uJSJLVfDZDwC1vO8h3gnJAXb
A4XHryVweiysOMoesAqWxXI41Z9Ds/A4qiDYoZTYPi37YG6NXKATgTKHmGjxCOVe
9HEduIzFjveXNul8jxm3xItUAgj2sterwRtmSML7vgIZji+pk9WnIo3IQ0iMLdgf
nfsksK0n76D7McFltUcNymh87P3NdmlHhOOkppfmXGFXYnc/kZtY2/IZ8D3dszUB
67H1mh2zIyDCh/EC+h5t3E90oYgRswLr4oI6WanUyDfTqo6RfSx44/0XXiWIuevy
AATgGupKiBbIsUFdn3/VCClZtIomDVoB4Li4FFIa1b7LaNg2uLiaC6v5XAD7rQQI
PZ7cj5yZoCssdFR9bPgcaotyRAgGr+3Tf+LDGhfdp7MtUjADmbXZpdHyp4cw+p5i
6k2OmSMxfEBbDNrJS62foBk/9uKPRnX4BPXZhLBUKmMxAB/9dRARSnlCSC5Ln5x5
2MSXrAi65NPSAHwmkJXX
=tqZN
-----END PGP SIGNATURE-----
--- End Message ---