<vlhslc$rr3$1@tncsrv09.home.tnetconsulting.net>

Path: ...!weretis.net!feeder9.news.weretis.net!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.omega.home.tnetconsulting.net!not-for-mail
From: Grant Taylor <gtaylor@tnetconsulting.net>
Newsgroups: comp.mail.sendmail
Subject: Re: OpenSSL 3.4.x supported?
Date: Mon, 6 Jan 2025 18:31:40 -0600
Organization: TNet Consulting
Message-ID: <vlhslc$rr3$1@tncsrv09.home.tnetconsulting.net>
References: <vknu9u$4th9$1@dont-email.me> <vko2nb$99d$1@news.misty.com>
 <vlfspb$1g6rm$1@dont-email.me> <vlgvo9$k4g$1@news.misty.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 7 Jan 2025 00:31:40 -0000 (UTC)
Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="omega.home.tnetconsulting.net:198.18.1.11";
	logging-data="28515"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla Thunderbird
Content-Language: en-US
In-Reply-To: <vlgvo9$k4g$1@news.misty.com>
Bytes: 2244
Lines: 32

On 1/6/25 10:18, Claus Aßmann wrote:
> sendmail never explicitly use{s,d} OpenSSL config files.

Doesn't that mean that Sendmail would be using the defaults in the 
OpenSSL on the system?

Which would mean that if the defaults compiled into OpenSSL change, then 
Sendmail's behavior might also unexpectedly change.

The thing that comes to mind is the OpenSSL team changing what ciphers / 
algorithms / key lengths / etc. are set as the default in the compiled 
library.

> None.

If you ever run into a situation where the default changes in a way that 
you don't like, you could add / change an entry in the OpenSSL config 
file that Sendmail uses thus overriding the then changed default 
compiled into the new OpenSSL library.

Networkers call this "nailing the thing a specific way" so that they 
aren't surprised if -> when the default changes.

Both OpenSSL and OpenSSH are notorious for chasing security and dropping 
legacy things much faster than other things.  -  I recently had an 
OpenSSH update break support for ciphers / algorithms used on old 
systems I manage.  I had to change how OpenSSH behaved to get back into 
the old systems.



-- 
Grant. . . .
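
An added illustration of the "nailing" idea in the message above; it is not part of the original post and is not sendmail's or OpenSSL's shipped configuration. It assumes the libssl that sendmail is linked against loads the system-wide OpenSSL configuration file implicitly at library initialisation (the file location varies by platform), and the protocol and cipher values are constructed examples to be replaced with the site's own policy.

```ini
# openssl.cnf fragment: pin TLS defaults so a library upgrade cannot change them silently.
# This line must sit in the unnamed default section at the top of the file.
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
# "system_default" applies to every libssl consumer that loads this file.
system_default = system_default_sect

[system_default_sect]
# Lowest protocol version accepted, stated explicitly rather than inherited
# from whatever the compiled-in default happens to be.
MinProtocol = TLSv1.2
# TLS 1.2 and earlier cipher selection, with the security level spelled out.
CipherString = DEFAULT:@SECLEVEL=2
# TLS 1.3 suites are configured separately from CipherString.
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
```

Comparing the output of `openssl ciphers -s -v` before and after a library upgrade shows whether the effective list still matches what was pinned.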