On Truty with 2.12.23-12ubuntu2.9, the sSMTP client would abort the StartTLS connection complaining it didn't support the signature algorithm in use.
When validating I used a mail relay with a RSA-SHA256 cert signed by CAcert.org. CAcert.org is (self-signed) RSA-MD5. It turned out that Trusty also needed the GnuTLS priority string to include %VERIFY_ALLOW_SIGN_RSA_MD5 to support that use case and avoid the regression. It's unclear to me why only gnutls26 needed this since I used the exact same test case for all 3 distro versions. The version 2 of the debdiff for Trusty was tested with certificates chains including MD5, SHA1 and SHA256 certificates and revealed no problem and fixed the regression previously found. ** Patch added: "lp1709193-14.04-version2.debdiff" https://bugs.launchpad.net/debian/+source/gnutls28/+bug/1709193/+attachment/4936464/+files/lp1709193-14.04-version2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1709193 Title: Unable to use TLSv1.1 or 1.2 with OpenSSL compat layer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1709193/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
