Configuring sendmail to accept older versions of TLS


Michael Grant

Sep 5, 2017, 3:39:18 PM
I updated openssl today and to my surprise some of my older mail
clients could no longer connect. Even after they were updated,
several of them, older Outlook and most of the Mac clients could no
longer send mail. I get this error in the logs:

STARTTLS=server: 0:error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:974:

I am led to believe that this is due to a recent change in OpenSSL
which by default no longer accepts versions of TLS older than 1.2.

Is there some option I can set in the sendmail mc file to send down to
the SSL library to coax it to continue to use the older versions of
TLS?

J.O. Aho

Sep 5, 2017, 4:03:19 PM
You need to rebuild openssl and remove the setting that disabled
TLSv1.0/1, nothing in the sendmail config will help, unless you would be
so bold and skip using secure connections.

--

//Aho


Michael Grant

Sep 5, 2017, 5:42:13 PM
What I did was to download the previous version of libssl on Debian: libssl1.1_1.1.0f-3_amd64.deb

then I did:

dpkg -i libssl1.1_1.1.0f-3_amd64.deb

restarted sendmail and now all is as before. However, it is disconcerting that those clients' TLS implementations have not yet been updated. Some of them were Macs, others were Windows running Outlook. I view this as a temporary fix until the clients' mail programs get updated.
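
A triage sketch for the STARTTLS error quoted in the first post, added here as an example and not part of any poster's message: it parses the OpenSSL error string out of mail-log lines, unpacks the 8-digit code using the OpenSSL 1.0/1.1 layout (library, function, reason), and counts failures per reason. The syslog prefix, host name, PIDs and queue IDs in the sample are constructed, as is the `no shared cipher` line; only the `unsupported protocol` error string comes from the thread.

```python
import re
from collections import Counter

# Constructed sample log. Prefixes, PIDs and queue IDs are invented; the
# "unsupported protocol" error string is the one quoted in the thread, the
# "no shared cipher" line is a constructed contrast case.
SAMPLE_LOG = """\
Sep  5 15:31:02 mail sm-mta[2101]: v85JV2aa002101: STARTTLS=server: 0:error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:974:
Sep  5 15:33:40 mail sm-mta[2117]: v85JXeab002117: STARTTLS=server: 0:error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:974:
Sep  5 15:35:09 mail sm-mta[2130]: v85JZ9ac002130: STARTTLS=server: 0:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:../ssl/statem/statem_srvr.c:1000:
Sep  5 15:36:11 mail sm-mta[2144]: v85JaBad002144: from=<a@example.org>, size=1204, nrcpts=1
"""

# Fields: <thread id>:error:<packed code>:<library>:<function>:<reason>:<file>:<line>:
ERR_RE = re.compile(
    r"STARTTLS=(?P<side>server|client): [0-9A-Fa-f]+:error:(?P<code>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)

def parse_starttls_error(log_line):
    """Return the error fields of one log line, or None if it has no TLS error."""
    m = ERR_RE.search(log_line)
    if m is None:
        return None
    rec = m.groupdict()
    code = int(rec["code"], 16)
    # OpenSSL 1.0/1.1 packing: 8 bits library, 12 bits function, 12 bits reason.
    rec["lib_num"] = (code >> 24) & 0xFF
    rec["func_num"] = (code >> 12) & 0xFFF
    rec["reason_num"] = code & 0xFFF
    rec["line"] = int(rec["line"])
    return rec

def tally_reasons(log_text):
    """Count STARTTLS handshake errors per (side, reason string)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_starttls_error(line)
        if rec:
            counts[(rec["side"], rec["reason"])] += 1
    return counts

if __name__ == "__main__":
    for (side, reason), n in tally_reasons(SAMPLE_LOG).most_common():
        print(f"{n:4d}  STARTTLS={side}  {reason}")
```

Run against a real mail log, the per-reason counts separate protocol-version failures from other handshake errors, which shows how many connections the OpenSSL change actually affects.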