Hi Martin, On Thursday 10 November 2011 03:47:35 martin f krafft wrote: > I am a bit unsure, where the source of the problem lies. Okay, > that's wrong — I have no idea and this baffles me. Since it /feels/ > to me like this started right after the SSL upgrade on the Postfix > server, I am reporting it here.
Thanks for the report. I very much doubt the patch in lenny14 has anything to do with it, it is very well restricted to x509's verify_cert routine and should simply make it return a CERT_REVOKED error. The easiest way to rule out that the issue comes from the upgrade, could you please downgrade libssl0.9.8 to lenny13? (only in squeeze, not in squeeze- sec.) Additionally, and this bit is what might be the most relevant, had you already upgraded to lenny13 and restarted postfix before upgrading to lenny14? CVE-2011-3210, related to DH and ECDH, was fixed in lenny13. Since you are using EDH-RSA I think that could be the origin of the problem. Just to make sure, you could downgrade to lenny12, test, upgrade to lenny13, test, and then upgrade to lenny14. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
