tech-userlevel archive
Re: sendmail: tlsv1 alert decode error
On Wed, Jun 18, 2014 at 12:35:54AM -0700, John Nemeth wrote:
> } Well, without the patch, sendmail comes broken out of the box
> Strictly speaking this isn't true as it appears that the
> problem is actually with OpenSSL.
This is the OpenSSL we have in NetBSD releases, hence without the
patch, sendmail comes broken out of the box on NetBSD.
> Presumably SSL_OP_TLSEXT_PADDING was created for a reason.
> Your new suggested patch causes a change in behaviour from the
> default. Are there ANY possible downsides to this change in
> behaviour?
SSL_OP_TLSEXT_PADDING is a workaround for an interoperability problem
if the SSL handshake grows too big (as I understand, it happens if you
advertise many ciphers). Unfortunately, the workaround causes other
interoperability problems. Disabling it brings us back to the behavior
before we upgraded OpenSSL because of heartbleed.
--
Emmanuel Dreyfus
manu%netbsd.org@localhost