From owner-freebsd-stable@FreeBSD.ORG  Thu Jun 18 14:43:32 2015
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id F2E51C3
 for <freebsd-stable@hub.freebsd.org>; Thu, 18 Jun 2015 14:43:32 +0000 (UTC)
 (envelope-from ca+envelope@esmtp.org)
Received: from zardoc.esmtp.org (zardoc.esmtp.org [70.36.157.240])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "zardoc.esmtp.org",
 Issuer "Claus Assmann CA RSA 2015" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id D5ADD2D5
 for <freebsd-stable@freebsd.org>; Thu, 18 Jun 2015 14:43:32 +0000 (UTC)
 (envelope-from ca+envelope@esmtp.org)
Received: from x2.esmtp.org (localhost. [127.0.0.1])
 by zardoc.esmtp.org (MeTA1-1.1.Alpha1.0) with ESMTPS
 (TLS=TLSv1.2, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256, verify=OK)
 id S000000000013049500; Thu, 18 Jun 2015 07:43:26 -0700
Received: (from ca@localhost)
 by x2.esmtp.org (8.14.6/8.12.10.Beta0/Submit) id t5IEhQ6N004576
 for freebsd-stable@freebsd.org; Thu, 18 Jun 2015 07:43:26 -0700 (PDT)
Date: Thu, 18 Jun 2015 07:43:26 -0700
From: Claus Assmann <freebsd+stable@esmtp.org>
To: freebsd-stable@freebsd.org
Subject: Re: sendmail: TLS interop
Message-ID: <20150618144326.GA29275@x2.esmtp.org>
Reply-To: freebsd-stable@freebsd.org
Mail-Followup-To: freebsd-stable@freebsd.org
References: <CAAoTqft7wRi9Ov_oiCk64HwbT+rXn-AvkOd-+VeFhq_s8bE7NA@mail.gmail.com>
 <CAAoTqfvchXndzgCRDyJXCz+UOi93w1v-vvKvoLMgPLk6cHh4Dw@mail.gmail.com>
 <5582C749.9060801@sentex.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5582C749.9060801@sentex.net>
User-Agent: Mutt/1.5.22+16 (adf90e5365bc) (2013-10-16)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2015 14:43:33 -0000

On Thu, Jun 18, 2015, Mike Tancsa wrote:

> But we also have been seeing the odd site that cannot accept mail now
> with opportunistic encryption, so we had to disable TLS for them :(

Do you have a list of those?
Are those sites having problems with larger DH primes?
Can you set a different cipher list for them so TLS works again?