On our mail system we have 18 different remote systems that TLS fails with in
the last 24 hours.  I assume they are using IronPort since they are the kind
of domains that would use Cisco gear such as utah.edu or dell.com, but it's
hard to tell since it is a security device and doesn't announce what it is.

So to answer your question, no, not all IronPorts are being updated.  Last I
spoke to another mail admin with an IronPort (probably 2 weeks ago) he said
that the update wasn't in the main update channel and that you had to
specifically create a Cisco case to get them to send the patched release.

So it looks like both 1.0.1g and 1.0.1h trigger a Cisco bug that nobody is
really dying to patch due in part to Cisco making it inconvenient and not
obvious.  In the end I did the same as Stephen and worked around it by
patching OpenSSL, which is a hack, but all we could do, and I am thankful that
we had something to get around Cisco's bug.

schu

--
View this message in context: 
http://openssl.6102.n7.nabble.com/openssl-org-3336-1-0-1g-breaks-IronPORT-SMTP-appliance-padding-extension-tp50483p51130.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
