Bug#847743: sendmail: STARTTLS server fails with "ca md too weak"

2016-12-12 Thread Joerg Dorchain
On Mon, Dec 12, 2016 at 04:57:26PM +0100, Andreas Beckmann wrote: > On 2016-12-12 16:51, Joerg Dorchain wrote: > > Even in that case, IMHO it would be an idea to mark this bug as > > "won't fix", or even to leave a line in the NEWS.debian, just in > > case this version ever hits stable, as a hint f

Bug#847743: sendmail: STARTTLS server fails with "ca md too weak"

2016-12-12 Thread Andreas Beckmann
On 2016-12-12 16:51, Joerg Dorchain wrote: > Even in that case, IMHO it would be an idea to mark this bug as > "won't fix", or even to leave a line in the NEWS.debian, just in > case this version ever hits stable, as a hint for other CACert users > (or someone with md5-signatures) out there. A NE

Bug#847743: sendmail: STARTTLS server fails with "ca md too weak"

2016-12-12 Thread Joerg Dorchain
On Sun, Dec 11, 2016 at 08:54:08PM +0100, Kurt Roeckx wrote: > > > The defaults openssl sets now might not make sense for smtp in > > > general, but they should actually be good. > > > > While I agree to e.g. md5 being not appropriate anymore, I would > > still like to be able to receive mails fro

Bug#847743: sendmail: STARTTLS server fails with "ca md too weak"

2016-12-11 Thread Kurt Roeckx
On Sun, Dec 11, 2016 at 08:13:08PM +0100, Joerg Dorchain wrote: > On Sun, Dec 11, 2016 at 12:57:06PM +0100, Kurt Roeckx wrote: > > > > > > > Most reproduceable way I found by now is the DANE validator at > > > > https://dane.sys4.de/, which leave a log entry e.g.: > > > > Dec 11 11:04:54 Redstar s

Bug#847743: sendmail: STARTTLS server fails with "ca md too weak"

2016-12-11 Thread Joerg Dorchain
On Sun, Dec 11, 2016 at 12:57:06PM +0100, Kurt Roeckx wrote: > > > > > Most reproduceable way I found by now is the DANE validator at > > > https://dane.sys4.de/, which leave a log entry e.g.: > > > Dec 11 11:04:54 Redstar sm-mta[18223]: STARTTLS=server, error: accept > > > failed=-1, reason=ca m

Bug#847743: sendmail: STARTTLS server fails with "ca md too weak"

2016-12-11 Thread Kurt Roeckx
On Sun, Dec 11, 2016 at 12:11:02PM +0100, Andreas Beckmann wrote: > On 2016-12-11 11:22, Joerg Dorchain wrote: > > following testing after upgrading from 8.15.2-6 to 8.15.2-7, > > sendmail does not accept certain incoming connections anymore > > and refuses the STARTTLS handshake with "ca md too we

Bug#847743: sendmail: STARTTLS server fails with "ca md too weak"

2016-12-11 Thread Andreas Beckmann
On 2016-12-11 11:22, Joerg Dorchain wrote: > following testing after upgrading from 8.15.2-6 to 8.15.2-7, > sendmail does not accept certain incoming connections anymore > and refuses the STARTTLS handshake with "ca md too weak". That is probably because the -7 package got built against openssl 1.