
protocols "legacy", ciphers "compat" no longer seem to work for older mail clients #1244

Open
law opened this issue Jan 30, 2024 · 2 comments

Comments

@law

law commented Jan 30, 2024

I have a printer/scanner with the ability to send scans as PDFs over email. It is limited to speaking older protocols, but configuring my 'listen' directive like this used to be OK:

listen on all \
  port submission \
  tls-require \
  protocols "legacy" ciphers "compat" \
  pki my.mail.server.org \
  auth <credentials> \
  filter rspamd

I had to rebuild my opensmtpd host recently "because reasons", but I have all the config, etc., in source control/config management, so I am confident the rebuilt host's config is identical to the old host's. Regardless, my printer can no longer send mail. I configure it with the appropriate credentials (and tested these on a modern mail client to make sure I'm not making any typos), but I get the following error in smtpd's logs when the printer itself tries to send:

Jan 30 13:30:58 mail2 smtpd[53039]: 08a0eec7b6cdc261 smtp disconnected reason="io-error: handshake failed: error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"

Previously, the 'protocols legacy' and 'ciphers compat' directives were enough to accommodate my printer, but no longer. Is there a 'bigger hammer' config directive I can use to set 'moar compatible!', or what are my options here?

OS is OpenBSD 7.4 amd64, opensmtpd 7.4.0 (per 'smtpd -h')

@omar-polo
Contributor

Hello,

Jan 30 13:30:58 mail2 smtpd[53039]: 08a0eec7b6cdc261 smtp disconnected reason="io-error: handshake failed: error:1402610B:SSL routines:ACCEPT_SR_CLNT_HELLO:wrong version number"

This is very likely due to the removal of the support for TLS 1.0 and 1.1 from libtls openbsd/src@5c389b7 and from libressl openbsd/src@521ba2f.

So, in OpenBSD 7.4+ there is no code AFAICT to do tls 1.0 and 1.1.

One possibility, assuming that OpenSSL still supports TLS 1.0 and 1.1 (I haven't checked), could be to build this -portable repository using OpenSSL from ports. It's a bit convoluted (you need to pass CFLAGS and LDFLAGS to make sure it uses the version from ports; see https://github.com/openbsd/ports/blob/master/security/openssl/libretls/Makefile#L30-L31 as an example), and I wouldn't recommend it.

Can't you add an smtpd instance that accepts connections from the printers over plaintext and relays to your mailserver?
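To make the "wrong version number" failure concrete, here is an added example (my own code, not part of OpenSMTPD or LibreSSL) that decodes the versions a TLS ClientHello offers and checks them against the range a server will accept. The function names `build_client_hello`, `offered_versions` and `negotiate` are my choice, the ClientHello bytes are constructed inline rather than captured from a real printer, and the default server range of TLS 1.2 to 1.3 is an assumption standing in for a LibreSSL build with 1.0 and 1.1 removed. A client whose highest offered version falls below the server's minimum has no shared version, which is the condition a server reports as a wrong version number while reading the ClientHello.

```python
"""Decode the versions a TLS ClientHello offers and check them against a
server's allowed range.  Added example; not OpenSMTPD or LibreSSL code."""
import struct

TLS_VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
                0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
EXT_SUPPORTED_VERSIONS = 43  # RFC 8446, section 4.2.1


def build_client_hello(legacy_version, supported_versions=None):
    """Build a minimal ClientHello record (constructed sample, not a capture)."""
    body = struct.pack(">H", legacy_version)
    body += b"\x00" * 32                        # client random (zeroed)
    body += b"\x00"                             # empty session id
    body += struct.pack(">H", 2) + b"\x13\x01"  # one cipher suite
    body += b"\x01\x00"                         # one compression method: null
    exts = b""
    if supported_versions:
        vlist = b"".join(struct.pack(">H", v) for v in supported_versions)
        ext_data = struct.pack(">B", len(vlist)) + vlist
        exts += struct.pack(">HH", EXT_SUPPORTED_VERSIONS, len(ext_data)) + ext_data
    body += struct.pack(">H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    # Record layer: content type 22 (handshake), legacy record version, length.
    return b"\x16" + struct.pack(">HH", 0x0301, len(handshake)) + handshake


def offered_versions(record):
    """Return the set of protocol versions a ClientHello record offers."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 0
    legacy_version = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    pos += 32                                   # skip client random
    pos += 1 + body[pos]                        # skip session id
    pos += 2 + struct.unpack(">H", body[pos:pos + 2])[0]  # skip cipher suites
    pos += 1 + body[pos]                        # skip compression methods
    versions = set()
    if pos < len(body):
        ext_len = struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack(">HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype == EXT_SUPPORTED_VERSIONS and elen >= 1:
                n = edata[0]
                versions.update(struct.unpack(">H", edata[1 + i:3 + i])[0]
                                for i in range(0, n, 2))
    if not versions:
        # Pre-1.3 semantics: legacy_version is the client's maximum, and the
        # server may pick any version it supports at or below it (assumption:
        # the client accepts every lower version, which is what matters here).
        versions = {v for v in TLS_VERSIONS if v <= legacy_version}
    return versions


def negotiate(offered, server_min=0x0303, server_max=0x0304):
    """Highest version in both sets, or None: the 'wrong version number' case."""
    shared = [v for v in offered if server_min <= v <= server_max]
    return max(shared) if shared else None


if __name__ == "__main__":
    for hello in (build_client_hello(0x0301),                 # TLS 1.0-only client
                  build_client_hello(0x0303),                 # TLS 1.2 client
                  build_client_hello(0x0303, [0x0304, 0x0303])):  # TLS 1.3 client
        chosen = negotiate(offered_versions(hello))
        print(sorted(TLS_VERSIONS[v] for v in offered_versions(hello)),
              "->", TLS_VERSIONS.get(chosen, "handshake fails"))
```

The first case is the printer's situation: a ClientHello whose highest version is TLS 1.0 has nothing in common with a server that starts at 1.2, so the server has no version to reply with. Lowering `server_min` to 0x0301 shows what a server that still carries TLS 1.0 would negotiate.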

@poolpOrg
Member

I think due to libtls removal of 1.0 and 1.1, you're out of luck with OpenBSD regardless of the MTA without resorting to hacks :-/
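For the plaintext relay suggested above, here is an added smtpd.conf sketch (my own, not a configuration from the thread or the project) for a small OpenSMTPD instance that accepts unencrypted mail only from the printer's address and forwards it to the real mail server over TLS with its own credentials. The interface name `vlan10`, the printer address `192.0.2.10`, the host `mail.example.org`, the table names and the secrets file path are all assumptions to be replaced.

```conf
# /etc/mail/smtpd.conf on the relay host (added example, assumed names)

# Only these sources may submit in plaintext; keep this on an isolated
# network segment, since credentials and mail cross it unencrypted.
table printers { 192.0.2.10 }

# One line per label:  upstream  user:password   (root:_smtpd, mode 0640)
table relay_secrets file:/etc/mail/relay_secrets

# Plaintext listener on the printer-facing interface only, never on "all".
listen on vlan10 port 25 hostname relay.example.org

# Relay everything to the real server over TLS on the submission port,
# authenticating with the "upstream" entry from the secrets table.
action "to_upstream" relay host smtp+tls://upstream@mail.example.org:587 \
    auth <relay_secrets>

# Accept only from the printer table; anything else falls through and is rejected.
match from src <printers> for any action "to_upstream"
```

Because the printer's hop is unauthenticated and unencrypted, the source restriction and the network placement are doing all the access control; the TLS 1.2 (or newer) handshake and the stored credentials then belong to the relay, not to the printer.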
