From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Nov 22 14:50:02 2007
Message-Id: <20071122033901.17412.qmail@areilly.bpa.nu>
Date: 22 Nov 2007 03:39:01 -0000
From: Andrew Reilly
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/118198: qmail-tls port missing openssl cipher list installation
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Date: Thu, 22 Nov 2007 14:50:02 GMT
List-Id: Ports bug reports

>Number:         118198
>Category:       ports
>Synopsis:       qmail-tls port missing openssl cipher list installation
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 22 14:50:01 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Andrew Reilly
>Release:        FreeBSD 7.0-BETA3 amd64
>Organization:
>Environment:
System: FreeBSD duncan.reilly.home 7.0-BETA3 FreeBSD 7.0-BETA3 #1: Sun Nov 18 04:20:31 EST 2007 root@duncan:/usr/obj/usr/src/sys/DUNCAN amd64
Machine is a 1GB Athlon64-X2 running SMP, but I don't think that matters here.
Port version is: qmail-tls-1.03.20021228_1 installed November 19, based on then-current ports tree.
>Description:
Installed /usr/ports/mail/qmail-tls (fixed as per ports/118117) and thought that all was fine, but a bunch of missing mail prompted me to point first tcpdump and then openssl s_client at the new server, whereupon it became obvious that actual attempts to *use* the STARTTLS facility resulted in the ssl session dying with a message like:

2472:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:596:

Investigation with google found this pertinent web page:
http://www.shupp.org/toaster/?page=test
which contained a description of the problem (which apparently happened on Debian Linux too) and the following fix, which works for me.
>How-To-Repeat:
cd /usr/ports/mail/qmail-tls
make install
# edit /usr/local/openssl/openssl.cnf to suit
make certificate
openssl s_client -debug -crlf -starttls smtp -connect localhost:25
# notice that connection terminates immediately and
# error message noted above is last thing displayed.
>Fix:
Per the toaster page:
openssl ciphers > /var/qmail/control/tlsclientciphers
openssl ciphers > /var/qmail/control/tlsserverciphers
The s_client session described above now leaves you talking SMTP over the SSL link.
>Release-Note:
>Audit-Trail:
>Unformatted:
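An added example, not code from the PR or from the qmail-tls port: a POSIX shell check that the two cipher control files named in the fix exist and hold a cipher list OpenSSL accepts, so the STARTTLS handshake failure described above can be caught before mail goes missing. It assumes the control directory is /var/qmail/control (overridable through a hypothetical QMAIL_CONTROL_DIR variable for testing) and that each file holds one OpenSSL cipher-list string.

```shell
#!/bin/sh
# Added example, not part of the PR or the qmail-tls port: make sure the two
# cipher control files that qmail-tls reads exist and hold a cipher list that
# OpenSSL accepts, so STARTTLS does not die in the handshake as reported.
# Assumptions: the control directory is /var/qmail/control (overridable via
# QMAIL_CONTROL_DIR for testing), and each file holds one cipher-list string.
CONTROL_DIR="${QMAIL_CONTROL_DIR:-/var/qmail/control}"

# Expand a cipher spec with `openssl ciphers`; empty output means OpenSSL
# rejected it. Without the openssl CLI the spec is written verbatim instead.
expand_ciphers() {
    spec="$1"
    if command -v openssl >/dev/null 2>&1; then
        openssl ciphers "$spec" 2>/dev/null
    else
        printf '%s\n' "$spec"
    fi
}

# Ensure one control file exists and is non-empty.
# Returns 0 if already present, 1 if it was created, 2 if the spec is unusable.
ensure_cipher_file() {
    file="$1"; spec="$2"
    if [ -s "$file" ]; then
        return 0
    fi
    expanded=$(expand_ciphers "$spec")
    if [ -z "$expanded" ]; then
        return 2
    fi
    printf '%s\n' "$expanded" > "$file"
    return 1
}

# Check both files qmail-tls reads (names from the PR's fix).
# Returns 0 if both were present, 1 if any had to be created, 2 on a bad spec.
check_qmail_tls_ciphers() {
    spec="${1:-DEFAULT}"
    status=0
    for name in tlsclientciphers tlsserverciphers; do
        ensure_cipher_file "$CONTROL_DIR/$name" "$spec"
        case $? in
            2) echo "cipher spec rejected by openssl: $spec" >&2; return 2 ;;
            1) echo "created $CONTROL_DIR/$name" >&2; status=1 ;;
        esac
    done
    return "$status"
}
```

Running `check_qmail_tls_ciphers` with no argument reproduces the PR's fix (the DEFAULT list), while passing a stricter spec lets an administrator pin the cipher list rather than inherit whatever the installed OpenSSL defaults to.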