On 07/04/2012 06:10 PM, [email protected] wrote:
>
> Quoting Martijn Brinkers <[email protected]>:
>
>> On 07/04/2012 05:28 PM, [email protected] wrote:
>>>
>>> Quoting Martijn Brinkers <[email protected]>:
>>>
>>>> Hi,
>>>>
>>>> Version 2.4.0-3 of the DJIGZO gateway is released.
>>>>
>>>> This is the same version as the last release candidate so if you
>>>> already installed 2.4.0-3 you do not need to reinstall this version.
>>>>
>>>> Release notes:
>>>>
>>>> New
>>>>
>>>> * Sign and encrypt tags can be added to the subject for incoming signed
>>>>   and/or encrypted email (GATEWAY-36)
>>>> * Signer and sender address mismatch detection has been added
>>>>   (GATEWAY-21)
>>>> * S/MIME encrypt mailet can selectively encrypt headers (this is mainly
>>>>   used in combination with DJIGZO for Android)
>>>
>>> Disabled by default, I guess??
>>
>> Yes by default disabled.
>>
>>>
>>>> * S/MIME encryption and signing algorithm can be set per recipient or
>>>>   domain.
>>>
>>> The default was SHA1/3DES until now, no?
>>
>> The default is still SHA1/3DES
>>
>>>
>>> I ask because we have a problem at one customer site that their content
>>> filter crashes badly since we have this release at work. We sign all
>>> outgoing mail and there were no problems with this site until now.
>>> Disabling S/MIME for this site saves their content filter, but it would be
>>> interesting what really has changed for signed mails.
>>
>> Afaik the only change that might have had an influence on the digital
>> signatures was an update of the Bouncycastle library (the Java library
>> used for digital signatures etc.).
>>
>> Does your client use an S/MIME gateway? Did they report a specific error
>> or did it just crash?
>
> It is a spam (content)-filter with no S/MIME capabilities as far as I
> know. It just crashes and eats up the mail. We got a "550 could not
> process your mail" and the recipient a mail with no subject and 0 byte
> size. So while it is clearly their fault it would be helpful to have
> more details for a bug report to the maker of the spam filter.

The upgrade to BouncyCastle 1.47 was a lot of work so there were a lot 
of changes. Most changes however were more API related and not so much 
implementation. One change that might be relevant is that the signing 
algorithm identifier added to the headers has been changed.

Previously it was sha1 but this has been changed to sha-1 (see S/MIME 
3.2 http://www.rfc-editor.org/rfc/rfc5751.txt)

so it was:

Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha1; boundary="....."

and now it is:

Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha-1; boundary="..."

(i.e., sha1 was replaced with sha-1 according to rfc5751).

It might be that your client's scanner chokes on the sha-1 value?

Kind regards,

Martijn Brinkers

-- 
DJIGZO email encryption
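
The sha1 / sha-1 difference described above, as an added example that is not part of the original message or of DJIGZO: a sketch of how a scanner can read `micalg` tolerantly, accepting both spellings and reporting unknown values instead of failing. The names `MICALG_TO_HASH`, `signed_micalg` and `make_sample` are hypothetical, and the sample headers are constructed.

```python
from email import message_from_string

# Hypothetical lookup table: micalg spellings mapped to hashlib names.
# Hyphenated forms are the RFC 5751 (S/MIME 3.2) values; the unhyphenated
# and "rsa-" forms are spellings emitted by older agents.
MICALG_TO_HASH = {
    "md5": "md5", "rsa-md5": "md5",
    "sha1": "sha1", "sha-1": "sha1", "rsa-sha1": "sha1",
    "sha224": "sha224", "sha-224": "sha224",
    "sha256": "sha256", "sha-256": "sha256",
    "sha384": "sha384", "sha-384": "sha384",
    "sha512": "sha512", "sha-512": "sha512",
}

def signed_micalg(raw_message):
    """Return (is_signed, known_hashes, unknown_values) for one message."""
    msg = message_from_string(raw_message)
    if msg.get_content_type() != "multipart/signed":
        return (False, [], [])
    value = msg.get_param("micalg", failobj="")
    if isinstance(value, tuple):       # RFC 2231 encoded parameter
        value = value[2]
    known, unknown = [], []
    # micalg may carry a comma-separated list of algorithms
    for token in (t.strip().lower() for t in value.split(",")):
        if not token:
            continue
        if token in MICALG_TO_HASH:
            known.append(MICALG_TO_HASH[token])
        else:
            unknown.append(token)      # report it, never raise
    return (True, known, unknown)

def make_sample(micalg):
    """Constructed sample header block, modelled on the two shown above."""
    return (
        "From: sender@example.com\n"
        'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
        f" micalg={micalg}; boundary=\"b1\"\n"
        "\n"
        "--b1--\n"
    )

if __name__ == "__main__":
    for alg in ("sha1", "sha-1", "SHA-256", "whirlpool"):
        print(alg, "->", signed_micalg(make_sample(alg)))
```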

