Michael Grant <mgr...@grant.org> wrote: > Is there something I can set on Debian side to force this newer > openssl to accept older 1.x connections?
No, you can't. Kurt Roeckx, the DD maintaining OpenSSL, patched it in such a way that a program needs to call a special function of OpenSSL to override the default minimum TLS-version of TLS1.2. Problem is: next to no program implements this as of yet. The Dovecot developers may introduce the needed change in some of the coming versions, with sendmail I believe you will be out of luck. First help: Grab an older OpenSSL version from snapshots.debian.org to get going again. My solution (other than complaining on the debian-devel mailinglist) was to recompile OpenSSL with the patch in question removed. Of course in doing so I burdened myself with tracking any new release of the OpenSSL packages and recompile them until this situation has been resolved in some other way. Grüße, Sven. -- Sigmentation fault. Core dumped.
