Configuring sendmail to accept older versions of TLS
39 views
Skip to first unread message
Michael Grant
unread,
Sep 5, 2017, 3:39:18 PM9/5/17
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
I updated openssl today and to my surprise some of my older mail
clients could no longer connect. Even after they were updated,
several of them, older Outlook and most of the Mac clients could no
longer send mail. I get this error in the logs:
I am led to believe that this is due to a recent change in OpenSSL
which by default no longer accepts versions of TLS older than 1.2.
Is there some option I can set in the sendmail mc file to send down to
the SSL library to coax it to continue to use the older versions of
TLS?
J.O. Aho
unread,
Sep 5, 2017, 4:03:19 PM9/5/17
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
You need to rebuild openssl and remove the setting that disabled
TLSv1.0/1, nothing in the sednmail config will help, unless you would be
so bold and skip using secure connections.
--
//Aho
Michael Grant
unread,
Sep 5, 2017, 5:42:13 PM9/5/17
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
What I did was to download the previous version of libssl on debian: libssl1.1_1.1.0f-3_amd64.deb
then I did:
dpkg -i libssl1.1_1.1.0f-3_amd64.deb
restarted sendmail and now all is as before. However, this is disconcerting that those client's tls implementation have not yet been updated. Some of them were Macs, others were Windows running Outlook. I view this as a temporary fix until the client's mail programs get updated.