[openssl-users] sendmail, openssl 1.1.1, tls1.3

Claus Assmann ca+ssl-users at esmtp.org
Mon Oct 15 23:57:51 UTC 2018

On Mon, Oct 15, 2018, Carl Byington wrote:

> O CACertFile=/etc/pki/tls/certs/ca-bundle.crt

> pointing the CACertFile to 750KB file with 149 certificates. That just
> seems wrong, but perhaps there is some reason for it. If CACertFile is

sendmail: op.*:
         However, do not list too many root CAs in that
         file, otherwise the TLS handshake may fail; e.g.,

Please tell whoever is responsible for that default to fix it.
The certs should be in CACertPath if at all.

More information about the openssl-users mailing list