TLS handshake fails ("SSL_accept:error in error") for server->server connection (smtp submit dovecot->postfix) if /etc/pki/tls/openssl.cnf "Options=" includes 'ServerPreference' ?
pgnet.dev at gmail.com
Fri Sep 25 14:36:44 UTC 2020
On 9/25/20 12:18 AM, Viktor Dukhovni wrote:
> On Thu, Sep 24, 2020 at 09:26:26PM -0700, PGNet Dev wrote:
> I must lodge a complaint on wasting my time here
seems your're done, then.
> you intimated that just changing openssl.cnf makes the difference.
i didn't 'intimate'.
i stated so. as that is exactly/only what's changed.
and the change it causes has been documented.
> But that is clearly not the case, because you're testing different server endpoints, with port
> 60465 for the "working" case, and "465" for the non-working case.
that's simply not the case
60465 is the dovecot submission port
465 it the postfix submission port
the mua submits to dovecot at port 60465
dovecot resubmits to postfix at port 465
that same configuration is used in each/every test.
again, the ONLY thing that changed between the 'working' and 'failed' cases is the setting in openssl.cnf
I never directly submit to 465
> It seems likely that you don't have TLS wrapper mode on port 60465.
port 60465 is, and always has been, configured for implicit SSL -- not starttls usage.
More information about the openssl-users