On Wed, Jun 15, 2005, Andy W. Clements wrote:

> I'm currently having a problem with setting up STARTTLS with my sendmail
> on my FreeBSD 5.3 box.  I've used openssl to create the cert and key:
> 
> openssl dsaparam 1024 -out dsa1024.pem
> openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout mykey.pem

Try an RSA key instead; most systems have problems with DSA
(sendmail works fine, however).

> Jun 15 13:53:41 zeppo sm-mta[17104]: STARTTLS=server:
> 17104:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_srvr.c:887:

Typical indication that the client doesn't support DSA.
You can use ssldump to see what's going on.

> I have no idea what the error message in the sendmail log is telling
> me, can someone give me a clue what needs to be done?

1. See above.
2. See the source code (the OpenSSL error message kindly provides
that information).

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
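
Reading the logged error line field by field, as the reply suggests, shown as an added example that is not part of the original message or of OpenSSL. It assumes the 8/12/12-bit packed error code of OpenSSL releases before 3.0; the function names and the hint text are the example's own.

```python
import posixpath
import re

# Layout of an OpenSSL error-queue line as logged by sendmail:
#   <pid>:error:<8 hex digits>:<library>:<function>:<reason>:<file>:<line>:
ERR_LINE = re.compile(
    r"(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)

# Hint text is this example's own; only the case from this thread is covered.
HINTS = {
    "no shared cipher": "no cipher suite offered by the client works with the "
                        "server's key type; check whether the key is DSA or RSA",
}

# The log line quoted in the message, wrapped the way the mail shows it.
SAMPLE = """Jun 15 13:53:41 zeppo sm-mta[17104]: STARTTLS=server:
17104:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_srvr.c:887:"""


def unpack_code(code_hex):
    """Split the packed code into (library, function, reason) numbers.

    Assumes the 8/12/12-bit layout used by OpenSSL releases before 3.0.
    """
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF


def parse_openssl_errors(text):
    """Return one dict per OpenSSL error found in (possibly wrapped) log text."""
    # Undo line wrapping and drop "> " quote markers before matching.
    flat = re.sub(r"\s*\n(?:>\s?)*\s*", " ", text.strip())
    results = []
    for m in ERR_LINE.finditer(flat):
        rec = m.groupdict()
        rec["numbers"] = unpack_code(rec["code"])
        rec["line"] = int(rec["line"])
        # normpath collapses the "../../.." that the build path carries.
        rec["file"] = posixpath.normpath(rec["file"])
        rec["hint"] = HINTS.get(rec["reason"], "no hint for this reason")
        results.append(rec)
    return results


if __name__ == "__main__":
    for rec in parse_openssl_errors(SAMPLE):
        print(rec["func"], rec["numbers"], rec["reason"], "->", rec["hint"])
```

The `file` and `line` fields give the place in the OpenSSL source tree to read, and the reason text identifies the failure.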
