On Sun, Aug 16, 2020 at 04:44:51PM +0200, Ronald Klop wrote: > Hi, > > I have uname -UK -> 1300101 1300101 in my laptop. This uses libexec/dma as > mail agent. > I have 2 jails running uname -U -> 1300101 and 1300104. All dma configs > are the same. > > In all 1300101 versions dma can deliver mail to my smarthost. On 1300104 I > get: > > Aug 16 16:29:00 freebsd13_py3 dma[385ba.800e480a0][52169]: trying remote > delivery to smtp.greenhost.nl [213.108.110.112] pref 0 > Aug 16 16:29:00 freebsd13_py3 dma[385ba.800e480a0][52169]: > SSL_client_method > Aug 16 16:29:00 freebsd13_py3 dma[385ba.800e480a0][52169]: remote delivery > deferred: SSL handshake failed fatally: error:1408F10B:SSL > routines:ssl3_get_record:wrong version number > > Any thoughts on this? > bisecting this will take me hours and hours of compilation IMO bisecting is not the fastest approach. "ssl3_get_record:wrong version number" sometimes means "you tried to speak TLS to an endpoint that's doing plaintext", but if it reflects an actual TLS version mismatch, a packet capture should make it clear quite quickly. Note that openssl upstream has been gradually ratcheting the default settings towards a more-secure state, so if your peer is only using TLS 1.0/1.1, non-AEAD ciphers, etc., a local upgrade might result in a failure to communicate with the default settings. -BenReceived on Sun Aug 16 2020 - 16:50:00 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:24 UTC