I still don't reproduce the bug.

I do:

$ openssl s_client -cipher ECDHE-RSA-AES256-SHA -connect localhost:465

or

$ openssl s_client -cipher ECDHE-RSA-AES256-SHA -connect localhost:25 -starttls smtp

And it seems to work fine:

Apr 25 23:01:19 solaris11-vm postfix/smtps/smtpd[1466]: [ID 197553 mail.info] Anonymous TLS connection established from solaris11-vm.pleiades.fr.eu.org[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Apr 25 23:02:02 solaris11-vm postfix/smtpd[1448]: [ID 197553 mail.info] Anonymous TLS connection established from solaris11-vm.pleiades.fr.eu.org[127.0.0.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)

ECDHE-RSA-AES256-SHA uses the SHA1 algorithm.
What is the client used to trigger the problem?

Yann

2013/4/25 Juraj Lutter <[email protected]>

> On 04/25/2013 05:45 PM, Yann Rouillard wrote:
> > Hi Juraj,
> >
> > sha1 seems to be available:
> > $ openssl dgst -sha1 /tmp/file
> > SHA1(/tmp/file)= da39a3ee5e6b4b0d3255bfef95601890afd80709
> >
> > I don't reproduce your bug.
> > Can you send me your postfix configuration?
>
> Relevant lines are:
>
> smtpd_tls_security_level = may
> smtpd_tls_auth_only = no
> smtpd_tls_key_file = /etc/opt/ows/postfix/ssl1/mailhub.ltc.sk.key
> smtpd_tls_cert_file = /etc/opt/ows/postfix/ssl1/mailhub.ltc.sk.crt
> smtpd_tls_CApath = /etc/opt/csw/ssl/certs
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_tls_cipherlist = ALL:!aNULL:!eNULL:!LOW:!SSLv2:TLSv1:SSLv3:+EXP
> smtpd_tls_ask_ccert = yes
> smtpd_tls_req_ccert = no
> smtpd_tls_protocols = !SSLv2,SSLv3,TLSv1
> relay_clientcerts = dbm:/etc/opt/ows/postfix/relay_clientcerts
> tls_random_source = dev:/dev/urandom
>
> it's been working FOR YEARS, until yesterday when I've upgraded OpenSSL.
>
> :-(
>
> > Yann
> >
> > 2013/4/25 Juraj Lutter <[email protected]>
> >
> >     Hi,
> >
> >     after recent OpenSSL upgrade, my postfix started to yield the following:
> >
> >     Apr 25 10:09:31 filesrv1 postfix-ltc-ssl/smtpd[24885]: [ID 947731 mail.warning] warning: Digest algorithm "sha1" not found: disabling TLS support
> >
> >     Has anyone of you also encountered this kind of behaviour?
> >
> >     Thanks.
> >
> >     --
> >     Juraj Lutter
> >     URL: http://www.wilbury.sk/
> >     XMPP: [email protected]
> >     Nice, friendly and smiling webhosting and serverhousing: http://www.nic.sk/
> >
> >     _______________________________________________
> >     maintainers mailing list
> >     [email protected]
> >     https://lists.opencsw.org/mailman/listinfo/maintainers
> >     .:: This mailing list's archive is public. ::.
>
> --
> Juraj Lutter <[email protected]>

_______________________________________________
maintainers mailing list
[email protected]
https://lists.opencsw.org/mailman/listinfo/maintainers
.:: This mailing list's archive is public. ::.
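
Added example, not part of the thread and not code from Postfix or OpenCSW: with smtpd_tls_security_level = may, an smtpd that logs the "disabling TLS support" warning keeps accepting mail in plaintext, so after an OpenSSL upgrade it is worth checking the mail log per instance. The sketch below does that over the three log lines quoted in the thread; the function names are hypothetical and the regexes assume the Solaris syslog layout shown above.

```python
import re
from collections import Counter, defaultdict

# Log lines quoted in the thread above (Solaris syslog, with the "[ID ...]" field).
SAMPLE_LOG = """\
Apr 25 10:09:31 filesrv1 postfix-ltc-ssl/smtpd[24885]: [ID 947731 mail.warning] warning: Digest algorithm "sha1" not found: disabling TLS support
Apr 25 23:01:19 solaris11-vm postfix/smtps/smtpd[1466]: [ID 197553 mail.info] Anonymous TLS connection established from solaris11-vm.pleiades.fr.eu.org[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Apr 25 23:02:02 solaris11-vm postfix/smtpd[1448]: [ID 197553 mail.info] Anonymous TLS connection established from solaris11-vm.pleiades.fr.eu.org[127.0.0.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
"""

# Fields: timestamp, host, syslog tag, pid, optional "[ID n facility.level]", message.
LINE = re.compile(
    r'^\w{3}\s+\d+ [\d:]{8} (\S+) (\S+)\[\d+\]: (?:\[ID \d+ \S+\] )?(.*)$')
DISABLED = re.compile(
    r'warning: Digest algorithm "([^"]+)" not found: disabling TLS support')
ESTABLISHED = re.compile(
    r'TLS connection established from \S+: (\S+) with cipher (\S+)')


def audit(lines):
    """Collect, per (host, syslog tag), missing digests and negotiated sessions."""
    report = defaultdict(lambda: {"missing_digests": set(), "sessions": Counter()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a syslog line in the expected layout
        host, tag, msg = m.groups()
        disabled = DISABLED.search(msg)
        established = ESTABLISHED.search(msg)
        if disabled:
            report[(host, tag)]["missing_digests"].add(disabled.group(1))
        elif established:
            # Key is (protocol, cipher), e.g. ("TLSv1.2", "ECDHE-RSA-AES256-SHA").
            report[(host, tag)]["sessions"][established.groups()] += 1
    return dict(report)


def running_without_tls(report):
    """Instances that logged the warning and never completed a TLS handshake."""
    return sorted(key for key, seen in report.items()
                  if seen["missing_digests"] and not seen["sessions"])


if __name__ == "__main__":
    rep = audit(SAMPLE_LOG.splitlines())
    for (host, tag), seen in sorted(rep.items()):
        print(host, tag, sorted(seen["missing_digests"]), dict(seen["sessions"]))
    print("no TLS:", running_without_tls(rep))
```
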
