recent ssl update prevents alpine from sending email
Bug #1467204 reported by Bruce Knapp
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Linux Mint | New | Undecided | Unassigned | |
Bug Description
I'm using Linux Mint 17.1 KDE 64bit, but I suspect the problem affects anyone with an Ubuntu distribution who uses alpine for mail. After installing the recent ssl update, any attempt to send mail with alpine fails ssl negotiations. I have another machine with the same distribution but without the update. It can send mail with alpine. Both use /ssl for the server.
information type: Private Security → Public
I ran into the same problem with Ubuntu 20.04 but the note in: /usr/share/doc/libssl1.1/NEWS.Debian.gz solved the problem for me. Here is what the note says, I followed it and resolved my SSL negotiation issues.
openssl (1.1.1d-2ubuntu2) focal; urgency=medium

The default security level for TLS connections was increased from
level 1 to level 2. This moves from the 80 bit security level to the
112 bit security level and will require 2048 bit or larger RSA and
DHE keys, 224 bit or larger ECC keys, SHA-2, TLSv1.2 or DTLSv1.2.

The system wide settings can be changed in
/etc/ssl/openssl.cnf. Applications might also have a way to override
the defaults.

In the default /etc/ssl/openssl.cnf one can add sections to specify
CipherString. The CipherString can be used to set the security
level. Information about the security levels can be found in the
SSL_CTX_set_security_level(3ssl) manpage. Other information can be
found in ciphers(1ssl) and config(5ssl).

Changing back the defaults in /etc/ssl/openssl.cnf to previous system wide
defaults can be by adding at the top of the file:

    # System default
    openssl_conf = default_conf

and adding at the bottom of the file:

    [default_conf]
    ssl_conf = ssl_sect

    [ssl_sect]
    system_default = system_default_sect

    [system_default_sect]
    CipherString = DEFAULT:@SECLEVEL=1

It's recommended that you contact the remote site in case the defaults cause
problems.

-- Dimitri John Ledkov <email address hidden> Wed, 08 Jan 2020 17:17:41 +0000
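
An added example, not part of the bug report or the NEWS entry: a small Python audit that reads openssl.cnf-style text, follows the section chain the note describes, and reports whether the system-wide default has been lowered below level 2. The function names and both sample configs are constructed for illustration; the built-in default of 2 is taken from the NEWS entry, and `.include` directives and variable expansion are not handled.

```python
import re

def parse_openssl_cnf(text):
    """Split openssl.cnf-style text into (top-level settings, {section: settings})."""
    top, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            (top if current is None else current)[key] = value
    return top, sections

def system_default_seclevel(text, builtin_level=2):
    """Follow openssl_conf -> ssl_conf -> system_default and return the
    @SECLEVEL from its CipherString, or builtin_level when nothing sets one."""
    top, sections = parse_openssl_cnf(text)
    sect = sections.get(top.get("openssl_conf", ""), {})
    sect = sections.get(sect.get("ssl_conf", ""), {})
    sect = sections.get(sect.get("system_default", ""), {})
    found = re.search(r"@SECLEVEL=(\d)", sect.get("CipherString", ""))
    return int(found.group(1)) if found else builtin_level

def audit(text, required_level=2):
    """Return (level, ok); ok is False when the system-wide default is below required_level."""
    level = system_default_seclevel(text)
    return level, level >= required_level

# Constructed sample: a file with no system-wide override.
STOCK = """
HOME = .
[req]
default_bits = 2048
"""

# Constructed sample: the same file after applying the workaround from the NEWS entry.
WORKAROUND = "openssl_conf = default_conf\n" + STOCK + """
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=1
"""

if __name__ == "__main__":
    for name, cfg in (("stock", STOCK), ("workaround", WORKAROUND)):
        print(name, audit(cfg))
```

Running it against a copy of /etc/ssl/openssl.cnf after applying the workaround shows the host as below level 2, which is a useful reminder to remove the override once the remote mail server has been upgraded.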