Re: "TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable" problem on Solaris 10 + possible solution
From: Victor Duchovni (Victor.Duchovni MorganStanley.com)
Date: Mon Jan 22 2007 - 14:31:05 CST
On Mon, Jan 22, 2007 at 09:13:36PM +0100, Lars Olafsen wrote:
> Victor Duchovni wrote:
> [..]
> >I need access to a system with the library in question to find out exactly
> >how they broke it, and whether any Postfix work-arounds are possible,
> >other than the administrator removing "HIGH" grade ciphers from the
> >cipherlist by hand. I'll see whether we have any similar systems in-house
> >and what work-arounds may be possible.
>
> mail1.xxx:/# uname -a
>
> SunOS mail1.xxx 5.10 Generic_118855-14 i86pc i386 i86pc Solaris
> mail1.xxx:/# pkginfo | grep openssl
> system SUNWopenssl-commands OpenSSL Commands (Usr)
> system SUNWopenssl-libraries OpenSSL Libraries (Usr)
> system SUNWopensslr OpenSSL (Root)
>
> To be honest, I feel that your original suggestion of compiling openssl
> 0.9.8d is the best way for me to proceed. Please don't feel compelled to
> solve the broken openssl library problem on my behalf :-)

Unfortunately, Wietse's interoperability standards are more stringent
than yours :-(

Because the system you describe is a stock Solaris 10 system, and
because Postfix 2.2 TLS would have worked there (2.2 uses the "DEFAULT"
cipher-list, rather than the "ALL" cipher-list used by 2.3), it is
important for Postfix 2.3 and 2.4 to work in the same environment,
rather than take the moral high ground and blame the broken build...

Life's a beach...

--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomo postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.