Comment 3 for bug 1709193

Simon Déziel (sdeziel) wrote : Re: Unable to use TLSv1.1 or 1.2

There is a Debian patch (debian/patches/01-374327-use-gnutls.patch) that changed ssmtp to link with the GnuTLS OpenSSL compat layer. If I drop this patch and link with "-lssl -lcrypto", ssmtp has no problem using TLSv1.2 and AES GCM:

$ tshark -ta -Vr submission-openssl.pcap | sed -n '/^Frame 11:/,/^Frame 12:/ p' | grep -E '^[[:space:]]+(Version|Cipher|Handshake Protocol)'
        Version: TLS 1.0 (0x0301)
        Handshake Protocol: Client Hello
            Version: TLS 1.2 (0x0303)
            Cipher Suites Length: 170
            Cipher Suites (85 suites)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                ...
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                ...
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
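
Added example, not part of the comment above or of ssmtp: a small Python parser that makes the same check as the tshark filter, reading the record-layer version, the ClientHello version and the offered cipher suites from raw bytes. The record-layer 0x0301 in the capture is the usual compatibility value; the highest offered version is the ClientHello field. The sample bytes are constructed, and the function names are assumptions of this example.

```python
import struct

# AES-GCM suites named in the capture above (IANA code points).
GCM_SUITES = {0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
              0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}

def parse_client_hello(record: bytes) -> dict:
    """Return record-layer version, ClientHello version and offered suites."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len:
        raise ValueError("not a complete handshake record")
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    hello_ver = int.from_bytes(hello[:2], "big")
    pos = 2 + 32                  # skip client_version and random
    pos += 1 + hello[pos]         # skip session_id
    if pos + 2 > len(hello):
        raise ValueError("truncated ClientHello")
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    raw = hello[pos + 2:pos + 2 + cs_len]
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("bad cipher suite list")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    return {"record_version": rec_ver, "hello_version": hello_ver, "suites": suites}

def offers_tls12_gcm(info: dict) -> bool:
    """True if the client offers TLS 1.2 or later and a listed GCM suite."""
    return (info["hello_version"] >= 0x0303
            and any(s in GCM_SUITES for s in info["suites"]))

def build_sample() -> bytes:
    """Constructed ClientHello (not taken from the pcap) with the three suites shown."""
    suites = struct.pack("!3H", 0xC030, 0xC02F, 0x00FF)
    hello = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00"
             + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    info = parse_client_hello(build_sample())
    print(hex(info["record_version"]), hex(info["hello_version"]), offers_tls12_gcm(info))
```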