On Wed, Jun 15, 2005, Andy W. Clements wrote:

> I'm currently having a problem with setting up STARTTLS with my sendmail
> on my FreeBSD 5.3 box. I've used openssl to create the cert and key:
>
> openssl dsaparam 1024 -out dsa1024.pem
> openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout
> mykey.pem

Try an RSA key instead, most systems have problems with DSA
(sendmail works fine however).

> Jun 15 13:53:41 zeppo sm-mta[17104]: STARTTLS=server:
> 17104:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_srvr.c:887:

Typical indication that the client doesn't support DSA.
You can use ssldump to see what's going on.

> I have no ideas what the error message in the sendmail log is telling
> me, can someone give me a clue what needs to be done?

1. See above.
2. See the source code (the OpenSSL error message kindly provides
   that information).
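
The RSA replacement suggested in the reply, as an added example that is not part of the original message or of any project's code: it creates an RSA key and self-signed certificate and checks what sendmail would be handed. The function names, the 2048-bit key size, the validity period and the subject CN are assumptions; only the file names mycert.pem and mykey.pem come from the thread.

```shell
#!/bin/sh
# Added example: RSA counterpart of the DSA commands quoted in the thread,
# plus two checks to run before pointing sendmail at the files.

# Create an unencrypted RSA key and a self-signed certificate.
# $1 = certificate file, $2 = key file, $3 = subject CN (constructed value)
make_rsa_cert() {
    openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=$3" -out "$1" -keyout "$2" 2>/dev/null &&
    chmod 600 "$2"   # keep the private key unreadable by group/other
}

# Print the certificate's public key algorithm as rsa, dsa, or the raw name.
# A "dsa" result is the situation behind the "no shared cipher" log line:
# the server can only offer DSS cipher suites, which many clients lack.
cert_key_type() {
    alg=$(openssl x509 -in "$1" -noout -text 2>/dev/null |
          sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    case "$alg" in
        rsaEncryption) echo rsa ;;
        dsaEncryption) echo dsa ;;
        "")            echo unreadable; return 1 ;;
        *)             echo "$alg" ;;
    esac
}

# Succeed only if the private key in $2 belongs to the certificate in $1.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Typical use:
#   make_rsa_cert mycert.pem mykey.pem mail.example.test
#   cert_key_type mycert.pem        # expect: rsa
#   cert_matches_key mycert.pem mykey.pem && echo "pair OK"
```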