Hello,
Same observation with sendmail and libssl1.1_1.1.0f-5.
Looking at tls1_2_default.patch from Debian's openssl, the only thing
that needs to be done is to override this change:
@@ -2372,7 +2372,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
goto err;
ret->method = meth;
- ret->min_proto_version = 0;
+ if (meth->version == TLS_ANY_VERSION)
+ ret->min_proto_version = TLS1_2_VERSION;
+ else
+ ret->min_proto_version = 0;
ret->max_proto_version = 0;
ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
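Review bot: The new `TLS_ANY_VERSION` branch in SSL_CTX_new() hard-codes `TLS1_2_VERSION` as the protocol floor with no comment or documentation, so every context built from a version-flexible method changes behaviour without the caller asking for it. An application that never calls SSL_CTX_set_min_proto_version() will now fail handshakes with peers limited to TLS 1.0 or 1.1, and nothing in this hunk reports why. Suggest a comment on the `ret->min_proto_version = TLS1_2_VERSION;` line stating that this is a distribution default that callers can lower explicitly, and consider taking the floor from a build-time or configuration setting rather than a literal in the constructor.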
I consider that this bug should be grave or critical, as for a mail server
(for example), incoming mail can be refused without any bounce.
Best regards,
JKB