[openssl-users] sendmail, openssl 1.1.1, tls1.3

[Claus Assmann]

On Mon, Oct 15, 2018, Carl Byington wrote:

> O CACertFile=/etc/pki/tls/certs/ca-bundle.crt

> pointing the CACertFile to 750KB file with 149 certificates. That just
> seems wrong, but perhaps there is some reason for it. If CACertFile is

sendmail: op.*:
         However, do not list too many root CAs in that
         file, otherwise the TLS handshake may fail; e.g.,

Please tell whoever is responsible for that default to fix it.
The certs should be in CACertPath if at all.