1. Forum
  2. Usenet
  3. COMP.MAIL.SENDMAIL

  • Re: How to enable TLSv1.2 on sendmail?

    From prasanth reddy@21:1/5 to Luis Clemente on Mon Jul 24 03:55:00 2023
    On Friday, February 5, 2016 at 3:38:03 PM UTC+5:30, Luis Clemente wrote:
    Em sexta-feira, 5 de fevereiro de 2016 08:06:27 UTC-2, Luis Clemente escreveu:
    Em terça-feira, 2 de fevereiro de 2016 23:55:17 UTC-2, Claus Aßmann escreveu:
    Luis Clemente wrote:

    Few months ago I enabled TLSv1 only on Sendmail setting up
    the line -D_FFR_TLS_1 on site.config.m4 file and recompiled

    Why do you think that _FFR_TLS_1 has anything to do with TLSv1? It
    sems you are using a fairly old sendmail version, I found this back
    in 8.14:
    #if _FFR_TLS_1
    /* More STARTTLS options, e.g., secondary certs. */

    sendmail. Now there is a need to enable only TLSv1.2 and I
    am wondering if there is another option of -D_FFR_TLS_1 like -D_FFR_TLS_1_2 or something like this.

    The TLS version that can be used are entirely dependent on the
    OpenSSL version you are using for sendmail.


    --
    Note: please read the netiquette before posting. I will almost never reply to top-postings which include a full copy of the previous article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.


    Hello Claus,

    We have another sendmail server running with version 8.15.1 and after test we could see that TLSv1.2 is working fine, as you pointed a version update mayn resolve this issue. Thank you very much!!

    Regard's

    Luis
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1.2
    Cipher : DHE-RSA-AES256-GCM-SHA384
    Session-ID: 5E8426ACFE1D2D215723B8DE4633A061179A23A8E1473745FE59C9062A55BE52 Session-ID-ctx:
    Master-Key: D240129EA269C40C35A632BF70344044492D072C1028F2A8C871299A92091D58E510FAB7B4DE0517804E53AEFECEC043
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 1 (seconds)
    TLS session ticket:
    0060 - f6 68 86 6e 5c 2f ae 80-8f dd 82 b9 00 35 2e 5e .h.n\/.......5.^
    0070 - e6 52 c1 94 d3 ec 12 ea-cc 46 eb 88 09 7a 79 d8 .R.......F...zy.
    0080 - 3b b9 cf 64 ab b4 c1 b8-b0 54 b6 ce 5f 60 05 e8 ;..d.....T.._`..
    0090 - 4a 1c f7 e0 07 57 30 ef-1d 00 32 63 9f 66 ae 3b J....W0...2c.f.;

    Start Time: 1454666622
    Timeout : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
    ---

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)