> On 13. Sep 2017, at 09:46, Bruno Pagani <bruno.pag...@ens-lyon.org> wrote: > > Hi, > >> Le 13/09/2017 à 09:13, Niels Kobschätzki a écrit : >> >> RCPT TO: <ni...@kobschaetzki.net> >> RENEGOTIATING >> 2383074270240:error:1400444C:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 >> alert no renegotiation:/usr/src/lib/libssl/ssl_pkt.c:1205:SSL alert >> number 100 >> 2383074270240:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl >> handshake failure:/usr/src/lib/libssl/ssl_pkt.c:585: >> > > Does this happen only with this domain (kobschaetzki.net) as RCPT?
No, it happens with another domain that runs on other servers as well > If so I guess the answer here (from a SSL/TLS test): > > “The server supports a client-initiated secure renegotiation that may be > unsafe and allow Denial of Service attacks.” > > And your above log clearly state that there is renegotiation happening > and your SSL stack treats this as a fatal error, which I think is right. Ehm, any ideas what I can do? kobschaetzki.net is served by FastMail which is one of the bigger mail-providers out there… Niels -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
