tech-userlevel archive
Re: sendmail: tlsv1 alert decode error
On Jun 18, 6:20am, Emmanuel Dreyfus wrote:
} John Nemeth <jnemeth%cue.bc.ca@localhost> wrote:
}
} > Although not a sendmail issue per se, it is an interoperability
} > issue, so it will be in the next sendmail package update.
}
} Well, without the patch, sendmail comes broken out of the box, with

Strictly speaking this isn't true as it appears that the
problem is actually with OpenSSL.

} e-mail that cannot reach some domains. The only workaround that does not
} involve patching is to force SSLv3 or downgrade libssl. IMO it makes no
} sense to ship software with such a known issue.

Given that it's likely easier to update sendmail than OpenSSL,
it makes sense to put the workaround in sendmail.

} I updated my patch so that SSL_OP_TLSEXT_PADDING is disabled by default
} and can be re-enabled with ClientSSLOptions
} and I submitted the updated version upstream:
} http://ftp.espci.fr/shadow/manu/patch-sendmail_readcf.c

Presumably SSL_OP_TLSEXT_PADDING was created for a reason.
Your new suggested patch causes a change in behaviour from the
default. Are there ANY possible downsides to this change in
behaviour?

}-- End of excerpt from Emmanuel Dreyfus