Severity: serious
This breaks SMTP TLS connections to debian.org when the client presents
a sha512 cert:
^ grep confSERVER_CERT /etc/mail/sendmail.mc
define(`confSERVER_CERT',`/etc/ssl/certs/smtp-cert.pem')dnl
$ openssl x509 -text -noout -in /etc/ssl/certs/smtp-cert.pem | grep 'Signature
Algorithm'
Signature Algorithm: sha512WithRSAEncryption
client logs:
May 23 06:52:09 vinyl sm-mta[6695]: STARTTLS=client, error: connect failed=-1,
SSL_error=5, errno=104, retry=-1
May 23 06:52:09 vinyl sm-mta[6695]: ruleset=tls_server, arg1=SOFTWARE,
relay=mailly.debian.org, reject=403 4.7.0 TLS handshake failed.
server logs:
2014-05-23 19:21:58 TLS error on connection from smtp.outflux.net
[2001:19d0:2:6:c0de:0:736d:7470] (gnutls_handshake): The signature algorithm is
not supported.
-Kees
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
