DaemonForums  

#1  berni51 (Real Name: Bernhard Ernst), 24th May 2023
email issue with 9.3

Greetings to the party,

After updating my NetBSD machines from 9.2 to 9.3 (or also to 10.0 BETA) I have an email problem:
besides others, I have 2 accounts at freenet.de, a German email provider. And only with freenet I can no longer receive mails: TLS handshake error is the corresponding message.

This happens:
- in each mail agent (tested claws-mail, sylpheed, thunderbird, mutt, alpine)
- only on NetBSD 9.3/10.0. Worked perfectly with 9.2
- not on other OS (OpenBSD, FreeBSD, Linux)
- only with freenet.de. GMX, gmail and others run properly.

I fear that the issue is caused by openssh, but have no idea how to fix it.

Any hints?

Kind regards
Berni

#2  shep (Real Name: Scott), 24th May 2023

I had issues with the Default Encryption Policy in a RedHat Clone:

https://www.redhat.com/en/blog/confi...block-chaining

https://access.redhat.com/documentat...2000001OH7EAAW

My email provider was using an older algorithm that was considered insecure.

The Redhat fix was to enable "Legacy" policy.

#3  berni51 (Real Name: Bernhard Ernst), 25th May 2023

That seems not to be my problem.

#4  shep (Real Name: Scott), 25th May 2023

With mutt, there should be some details briefly displayed with the TLS handshake errors. If you can catch the TLS version, hopefully you can do a more specific search on how to enable it in NBSD 9.3.

#5  berni51 (Real Name: Bernhard Ernst), 26th May 2023

Unfortunately mutt offers no further information: Connecting to mx.freenet.de .....

However, a connection is never established. I waited 30 minutes, but nothing happened.

#6  J65nko (Administrator), 26th May 2023

You could try to use tcpdump or wireshark to see what is going on.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

#7  berni51 (Real Name: Bernhard Ernst), 28th May 2023

Thx for your hints. I tried with tcpdump and openssh without getting more info. The last message is "Connecting to mx.freenet.de", and that's it until timeout.

#8  shep (Real Name: Scott), 28th May 2023

SSL_CONF_cmd(3)

Quote:
    -legacy_server_connect, -no_legacy_server_connect
        Permits or prohibits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to setting or clearing SSL_OP_LEGACY_SERVER_CONNECT.

Worth trying?

#9  berni51 (Real Name: Bernhard Ernst), 29th May 2023

Yes, absolutely! But currently I don't know how to do this. I must read a little bit before.
Thx for this inspiration.

shep (Real Name: Scott), 10th June 2023

There may be two ways to do this.

SSL_CONF is an environment variable and could be implemented just when you connect to mx.freenet.de.

Alternatively, you may be able to set it globally in /etc/openssl.conf

https://wiki.openssl.org/index.php/O..._3.0#Providers
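
One way to try the option quoted in post #8 for a single connection rather than system-wide, as an added example that is not part of the thread: the script writes a private OpenSSL config enabling only UnsafeLegacyServerConnect, runs one command with it through the OPENSSL_CONF environment variable, and reads a saved openssl s_client transcript to tell a failed handshake from a server without secure renegotiation. It assumes a client linked against OpenSSL that loads the default configuration; the function names, file names and HOST:PORT are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. It scopes the client-side
# legacy-renegotiation allowance to one process through OPENSSL_CONF.

# Write a minimal config that sets only UnsafeLegacyServerConnect, the
# config-file name for SSL_OP_LEGACY_SERVER_CONNECT (SSL_CONF_cmd(3)).
write_legacy_conf() {
    ( umask 077; cat > "$1" <<'EOF'
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyServerConnect
EOF
    )
}

# Run one command (mutt, openssl s_client, ...) with that config only.
with_legacy_conf() {
    conf=$1; shift
    OPENSSL_CONF=$conf "$@"
}

# Classify a saved `openssl s_client` transcript (path in $1).
reneg_status() {
    if grep -Fq 'Cipher is (NONE)' "$1"; then
        echo no-handshake    # handshake failed before a cipher was agreed
    elif grep -Fq 'TLSv1.3, Cipher is' "$1"; then
        echo not-applicable  # TLS 1.3 has no renegotiation
    elif grep -Fq 'Secure Renegotiation IS NOT supported' "$1"; then
        echo unsupported     # server did not offer RFC 5746
    elif grep -Fq 'Secure Renegotiation IS supported' "$1"; then
        echo supported
    else
        echo unknown         # e.g. the TCP connection never completed
    fi
}

# Usage (HOST:PORT is a placeholder for the provider's mail server):
#   write_legacy_conf "$HOME/openssl-legacy.cnf"
#   with_legacy_conf "$HOME/openssl-legacy.cnf" \
#       openssl s_client -connect HOST:PORT </dev/null >out.txt 2>&1
#   reneg_status out.txt
```

Only a result of "unsupported" points at the renegotiation option; "no-handshake" or "unknown" means the failure lies elsewhere, and the system-wide configuration stays untouched either way.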