[openssl-users] sendmail, openssl 1.1.1, tls1.3

Carl Byington carl at five-ten-sg.com
Mon Oct 15 17:42:26 UTC 2018



I have a build of sendmail with openssl 1.1.1. It can deliver to
localhost via tls1.3, but nowhere else.

STARTTLS=client, error: connect failed=-1, reason=internal error, SSL_error=1, errno=0, retry=-1

STARTTLS=client: error:14228044:SSL routines:construct_ca_names:internal error:ssl/statem/statem_lib.c:2289:

It works correctly if I disable tls1.3 via:

O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_NO_TLSv1_3 +SSL_OP_CIPHER_SERVER_PREFERENCE
O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_NO_TLSv1_3

Is this another symptom of
https://github.com/openssl/openssl/issues/7384, or is there something
else going on here?





