[BlueOnyx:13517] Re: TLS message: tlsv1 alert insufficient security:s3_pkt.c:1092:SSL alert number 71
Dirk Estenfeld
dirk.estenfeld at bpanet.de
Mon Aug 12 02:11:09 -05 2013
Michael,
thank you for your reply.
After I installed the new certificate, gmx/web.de was possible again but I get messages from apple customers that they cannot send emails by smtp with activated ssl option. If they deactivate ssl option, they can send emails.
Do you have any idea? Do I have to restart some services?
Best regards,
Dirk
-----------------------------------------------
Black Point Arts Internet Solutions GmbH - Hanauer Landstrasse 423a - 60314 Frankfurt
-----Ursprüngliche Nachricht-----
Von: blueonyx-bounces at mail.blueonyx.it [mailto:blueonyx-bounces at mail.blueonyx.it] Im Auftrag von Michael Stauber
Gesendet: Samstag, 10. August 2013 04:24
An: BlueOnyx General Mailing List
Betreff: [BlueOnyx:13508] Re: TLS message: tlsv1 alert insufficient security:s3_pkt.c:1092:SSL alert number 71
Hi Dirk,
> I solved the problem. I do not know if it is best practice but it seems to be working.
> I created a new CA and a CERT
> (http://www.sendmail.org/~ca/email/other/cagreg.html) and replaced the certificate /usr/share/ssl/certs/sendmail.pem I restarted sendmail and then the server was able again to receive emails from gmx and web.de.
Yeah, on older 5106R boxes these certificates might still be just 1024 bit instead of 2048 bit. Or the cert might have been expired.
Now that everyone moves on to 2048 bit (/me waves at NSA) more and more places are rejecting older certificates and/or enforce stricter validation.
--
With best regards
Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
More information about the Blueonyx
mailing list