[BlueOnyx:13508] Re: TLS message: tlsv1 alert insufficient security:s3_pkt.c:1092:SSL alert number 71

[Michael Stauber]

Hi Dirk,

> I solved the problem. I do not know if it is best practice but it seems to be working.
> I created a new CA and a CERT (http://www.sendmail.org/~ca/email/other/cagreg.html) and replaced the certificate /usr/share/ssl/certs/sendmail.pem
> I restarted sendmail and then the server was able again to receive emails from gmx and web.de.

Yeah, on older 5106R boxes these certificates might still be just 1024
bit instead of 2048 bit. Or the cert might have been expired.

Now that everyone moves on to 2048 bit (/me waves at NSA) more and more
places are rejecting older certificates and/or enforce stricter validation.

-- 
With best regards

Michael Stauber