| Deutsch English Français Italiano |
|
<vlmav0$443$1@news.misty.com> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!news.misty.com!.POSTED.veps.esmtp.org!not-for-mail From: Claus =?iso-8859-1?Q?A=DFmann?= <INVALID_NO_CC_REMOVE_IF_YOU_DO_NOT_POST_ml+sendmail(-no-copies-please)@esmtp.org> Newsgroups: comp.mail.sendmail Subject: Re: OpenSSL 3.4.x supported? Date: Wed, 8 Jan 2025 12:00:16 -0500 (EST) Organization: MGT Consulting Sender: <ml+sendmail(-no-copies-please)@esmtp.org> Message-ID: <vlmav0$443$1@news.misty.com> References: <vknu9u$4th9$1@dont-email.me> <vlfspb$1g6rm$1@dont-email.me> <vlgvo9$k4g$1@news.misty.com> <vlldk0$2msmi$1@dont-email.me> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Injection-Date: Wed, 8 Jan 2025 17:00:16 -0000 (UTC) Injection-Info: news.misty.com; posting-host="veps.esmtp.org:155.138.203.148"; logging-data="4227"; mail-complaints-to="abuse@misty.com" Mail-Copies-To: never X-Newsreader: trn 4.0-test77 (Sep 1, 2010) Originator: ca@x2.esmtp.org (Claus Assmann) Bytes: 2322 Lines: 34 AMM wrote: > > Check the OpenSSL config file / documentation, e.g., wrt > > "security level". > Thank you for your response. However, it is still not clear what > unwanted behaviour can occur? If you can explain, then please do. Quoting the release notes: * The default SSL/TLS security level has been changed from 1 to 2. RSA, DSA and DH keys of 1024 bits and above and less than 2048 bits and ECC keys of 160 bits and above and less than 224 bits were previously accepted by default but are now no longer allowed. By default TLS compression was already disabled in previous OpenSSL versions. At security level 2 it cannot be enabled. This might be useful for other applications, but not for SMTP - it may break using STARTTLS with other MTAs. > Currently I have this in sendmail.mc file: (using from few years) > CipherList= ... Why do you have that list? "What's the problem you are trying to solve?" BTW: Setting CipherList has NO effect when using TLSv1.3 (OpenSSL). -- Note: please read the netiquette before posting. I will almost never reply to top-postings which include a full copy of the previous article(s) at the end because it's annoying, shows that the poster is too lazy to trim his article, and it's wasting the time of all readers.