Date:      Wed, 11 Mar 2015 07:27:58 -0700
From:      Paul Hoffman <paul.hoffman@vpnc.org>
To:        freebsd security <freebsd-security@freebsd.org>
Cc:        current@freebsd.com
Subject:   Re: sendmail broken by libssl in current
Message-ID:  <6BD2AE7F-8EC5-4EBC-A183-E03EC54456BC@vpnc.org>
In-Reply-To: <54FFE774.50103@freebsd.org>
References:  <54FFE774.50103@freebsd.org>

On Mar 10, 2015, at 11:57 PM, Julian Elischer <julian@freebsd.org> wrote:
> unfortunately this makes sendmail incompatible with various email servers around the world,
> including (apparently (ironically (*))) Ironport email gateways.
> It fails in TLS handshake.

Can you say which email servers *other* than unpatched Ironport fail? I've only seen it with unpatched Ironport on my (somewhat active) FreeBSD-based mail server. FWIW, I only see these bounces in my mail queue for exactly two sites.

Cisco has known about this for many months; see <https://tools.cisco.com/quickview/bug/CSCuo25276>. I have been told by an Ironport user that there is already a patch that is available from Cisco. If that's true (I can't confirm), why would we want to do a patch to our core crypto?

--Paul Hoffman
