Re: [openssl.org #3336] 1.0.1g breaks IronPORT SMTP appliance (padding extension)

2014-06-25 Thread Stefan Runkel
Stephen Henson via RT rt at openssl.org writes:
> I've updated OpenSSL so the padding extension is no longer used by default

Stephen,
Does not work for me. Running sendmail 8.14.8, got the decode error
problem with openssl 1.0.1g, fixed it by changing ssl/tls1.h to
/* #define TLSEXT_TYPE_padding 21 */.
Since May, that worked.

On Jun 10, compiled openssl 1.0.1.h from source and the sendmail decode error
came back by Jun 12.
Did not realize that until Jun 22.
Today, disabled the extension completely:
ssl/ssl.h: #define SSL_OP_TLSEXT_PADDING 0xL

Sendmail queue emptied after restart without further problems.

greetings, Stefan
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


Re: [openssl.org #3336] 1.0.1g breaks IronPORT SMTP appliance (padding extension)

2014-06-25 Thread Viktor Dukhovni
On Tue, Jun 24, 2014 at 02:29:10PM +, Stefan Runkel wrote:

> Stephen Henson via RT rt at openssl.org writes:
> > I've updated OpenSSL so the padding extension is no longer used by default
>
> Stephen,
> Does not work for me. Running sendmail 8.14.8, got the decode error
> problem with openssl 1.0.1g, fixed it by changing ssl/tls1.h to
> /* #define TLSEXT_TYPE_padding 21 */.
> Since May, that worked.
>
> On Jun 10, compiled openssl 1.0.1.h from source and the sendmail decode error
> came back by Jun 12.
> Did not realize that until Jun 22.
> Today, disabled the extension completely:
> ssl/ssl.h: #define SSL_OP_TLSEXT_PADDING 0xL
>
> Sendmail queue emptied after restart without further problems.

Ironport customers still have not applied the fix?  Any evidence
this applies to destinations that are not Ironport appliances?

In other words, how many domains had the problem and were their MX
hosts all Ironport devices?

-- 
Viktor.
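
An added example, not part of the thread and not OpenSSL code: one way to confirm whether a rebuilt client still offers the padding extension is to parse a captured ClientHello record and look for extension type 21, the value quoted above from ssl/tls1.h. The function names and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#define TLSEXT_TYPE_padding 21   /* value from ssl/tls1.h as quoted in the thread */

/* Constructed sample ClientHello record (not a capture); the random is all zeros. */
static const unsigned char SAMPLE[] = {
    [0] = 0x16, 0x03, 0x01, 0x00, 0x3e,       /* handshake record, 62 bytes */
    [5] = 0x01, 0x00, 0x00, 0x3a, 0x03, 0x03, /* ClientHello, 58 bytes, TLS 1.2 */
    [43] = 0x00, 0x00, 0x02, 0x00, 0x2f, 0x01, 0x00, /* session_id, suite, compression */
    0x00, 0x0f, 0xff, 0x01, 0x00, 0x01, 0x00, /* 15 bytes of extensions: reneg_info */
    0x00, 0x15, 0x00, 0x06, 0, 0, 0, 0, 0, 0  /* type 21, length 6, zero data */
};

/* Step *off over a vector with a 1- or 2-byte length prefix; -1 if truncated. */
static int skip_vec(const unsigned char *p, size_t n, size_t *off, int lenbytes)
{
    size_t len = 0;
    if (n - *off < (size_t)lenbytes) return -1;
    for (int i = 0; i < lenbytes; i++) len = (len << 8) | p[(*off)++];
    if (n - *off < len) return -1;
    *off += len;
    return 0;
}

/* Padding extension data length, -1 if not offered, -2 if malformed/truncated. */
int clienthello_padding_len(const unsigned char *rec, size_t n)
{
    size_t off = 5 + 4 + 2 + 32;  /* record hdr, handshake hdr, version, random */
    if (n < off || rec[0] != 0x16 || rec[5] != 0x01) return -2;
    if (skip_vec(rec, n, &off, 1) || skip_vec(rec, n, &off, 2) ||
        skip_vec(rec, n, &off, 1)) return -2;  /* session_id, suites, compression */
    if (off == n) return -1;                   /* no extensions block at all */
    if (n - off < 2) return -2;
    size_t end = off + 2 + (((size_t)rec[off] << 8) | rec[off + 1]);
    if (end > n) return -2;
    for (off += 2; off < end; ) {
        if (end - off < 4) return -2;
        unsigned type = ((unsigned)rec[off] << 8) | rec[off + 1];
        size_t len = ((size_t)rec[off + 2] << 8) | rec[off + 3];
        off += 4;
        if (end - off < len) return -2;
        if (type == TLSEXT_TYPE_padding) return (int)len;
        off += len;
    }
    return -1;
}

int main(void)
{
    printf("padding length: %d\n", clienthello_padding_len(SAMPLE, sizeof SAMPLE));
}
```

A result of -1 on a ClientHello captured from the rebuilt sendmail host would show that the extension is no longer being sent.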