There is a Debian patch (debian/patches/01-374327-use-gnutls.patch) that
changed ssmtp to link with GnuTLS OpenSSL compat layer. If I drop this
patch and link with "-lssl -lcrypto", ssmtp has no problem using TLSv1.2
and AES GCM:
$ tshark -ta -Vr submission-openssl.pcap | sed -n '/^Frame 11:/,/^Frame 12:/ p'
| grep -E '^[[:space:]]+(Version|Cipher|Handshake Protocol)'
Version: TLS 1.0 (0x0301)
Handshake Protocol: Client Hello
Version: TLS 1.2 (0x0303)
Cipher Suites Length: 170
Cipher Suites (85 suites)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
...
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
...
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
** Attachment added: "Linked with OpenSSL TLSv1.2 see frame 11"
https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/1709193/+attachment/4928595/+files/submission-openssl.pcap
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1709193
Title:
Unable to use TLSv1.1 or 1.2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/1709193/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
