Re: openssl/libssl1 in Debian now blocks offlineimap?
- Date: Thu, 24 Aug 2017 13:35:20 +0000
- From: Scott Kitterman <debian@xxxxxxxxxxxxx>
- Subject: Re: openssl/libssl1 in Debian now blocks offlineimap?
On August 24, 2017 8:05:20 AM EDT, Bernhard Schmidt <berni@xxxxxxxxxx> wrote:
>Kurt Roeckx <kurt@xxxxxxxxx> wrote:
>> Disabling the protocols is the only way I know how to identify
>> all the problems. And I would like to encourage everybody to
>> contact the other side if things break and get them to upgrade.
>There is now #873065 on Postfix which suggests MTAs don't fall back to
>plain SMTP if the SSL handshake fails due to disabling of TLSv1.0 and
>TLSv1.1. I think this problem will be unsolvable before at least Google
>and Microsoft do the same on their inbound servers, forcing everyone to
The log in that bug shows something connecting to a Postfix smtpd, so someone else's inbound isn't relevant to that bug.
I need to find more information on it, but that is most likely a case of the sender not falling back to plain SMTP and so likely not a Postfix issue.
This does highlight problems with the current situation with openssl. I can't think of a case where no encryption is a better result than use of TLS.