Sec Bug #76022 PHP.net mail server
Submitted: 2018-02-27 20:46 UTC
Modified: 2018-03-01 17:08 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: dpa-bugs at aegee dot org
Assigned:
Status: Open
Package: Systems problem
PHP Version: Irrelevant
OS:
Private report: No
CVE-ID: None
 [2018-02-27 20:46 UTC] dpa-bugs at aegee dot org
Description:
------------
In my mail logs I have in UTC:

Feb 27 20:07:46 mail sendmail[32619]: STARTTLS=server, error: accept failed=-1, reason=no shared cipher, SSL_error=1, errno=0, retry=-1, relay=sgrv20.php.net [69.195.222.219]
Feb 27 20:07:46 mail sendmail[32619]: w1RK7kDd032619: sgrv20.php.net [69.195.222.219] did not issue MAIL/EXPN/VRFY/ETRN during connection to sm-mail
Feb 27 20:17:47 mail sendmail[4598]: STARTTLS=server, error: accept failed=-1, reason=no shared cipher, SSL_error=1, errno=0, retry=-1, relay=sgrv20.php.net [69.195.222.219]
Feb 27 20:17:47 mail sendmail[4598]: w1RKHkQ8004598: sgrv20.php.net [69.195.222.219] did not issue MAIL/EXPN/VRFY/ETRN during connection to sm-mail
Feb 27 20:27:48 mail sendmail[7275]: STARTTLS=server, error: accept failed=-1, reason=no shared cipher, SSL_error=1, errno=0, retry=-1, relay=sgrv20.php.net [69.195.222.219]
Feb 27 20:27:48 mail sendmail[7275]: w1RKRmH9007275: sgrv20.php.net [69.195.222.219] did not issue MAIL/EXPN/VRFY/ETRN during connection to sm-mail

so your mail server does not agree with my mail server on a cipher suite.

Why doesn't your server retry without STARTTLS?

Unfortunately I don't know what ciphers were offered, but using testssl.sh for php-smtp3.php.net you offer:
 Cipher order
    TLSv1:     ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA
               DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA AES128-SHA CAMELLIA128-SHA 
    TLSv1.1:   ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-SHA
               DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA AES128-SHA CAMELLIA128-SHA 
    TLSv1.2:   ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256
               DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA CAMELLIA256-SHA
               ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256
               DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA CAMELLIA128-SHA 



and my server offers

testssl.sh -t mail.aegee.org:25
 Cipher order
    TLSv1:     ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA CAMELLIA256-SHA CAMELLIA128-SHA 
    TLSv1.1:   ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA CAMELLIA256-SHA CAMELLIA128-SHA 
    TLSv1.2:   ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256
               ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA CAMELLIA256-SHA CAMELLIA128-SHA 


so ECDHE-RSA-AES256-GCM-SHA384 would be a common denominator.

Further, testssl.sh says for php-smtp3.php.net:

_Testing vulnerabilities_
 Secure Client-Initiated Renegotiation     VULNERABLE (NOT ok), potential DoS threat

Please consider replying to this by email, as I will not be informed, for the reasons mentioned here, when you enter some comments.
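
Added example (not part of the original report, and not PHP.net or sendmail code): the comparison the report makes by hand, as a script that counts STARTTLS handshake failures per relay in the quoted log lines and intersects the two TLSv1.2 cipher orders. The function and constant names are chosen for this example. The cipher lists are the server-side ones testssl.sh printed; the ciphers sgrv20.php.net offered as a client are not on the page.

```python
import re
from collections import defaultdict

# Two of the failed attempts, copied from the sendmail log in the report.
LOG = """\
Feb 27 20:07:46 mail sendmail[32619]: STARTTLS=server, error: accept failed=-1, reason=no shared cipher, SSL_error=1, errno=0, retry=-1, relay=sgrv20.php.net [69.195.222.219]
Feb 27 20:07:46 mail sendmail[32619]: w1RK7kDd032619: sgrv20.php.net [69.195.222.219] did not issue MAIL/EXPN/VRFY/ETRN during connection to sm-mail
Feb 27 20:17:47 mail sendmail[4598]: STARTTLS=server, error: accept failed=-1, reason=no shared cipher, SSL_error=1, errno=0, retry=-1, relay=sgrv20.php.net [69.195.222.219]
Feb 27 20:17:47 mail sendmail[4598]: w1RKHkQ8004598: sgrv20.php.net [69.195.222.219] did not issue MAIL/EXPN/VRFY/ETRN during connection to sm-mail
"""
# TLSv1.2 cipher orders as testssl.sh printed them in the report.
AEGEE = ("ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 "
         "ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA CAMELLIA256-SHA CAMELLIA128-SHA")
PHP_SMTP3 = ("ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 "
             "DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-GCM-SHA384 AES256-SHA256 "
             "AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA "
             "DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA "
             "AES128-GCM-SHA256 AES128-SHA256 AES128-SHA CAMELLIA128-SHA")

FAIL = re.compile(r"sendmail\[(\d+)\]: STARTTLS=server, error: accept failed=-?\d+, "
                  r"reason=([^,]+),.*relay=(\S+) \[")
QUIT = re.compile(r"sendmail\[(\d+)\]: \w+: (\S+) \[[^\]]+\] did not issue MAIL/EXPN/VRFY/ETRN")

def tls_failures(log):
    """Per relay: handshake failures, their reasons, and sessions that then ended without mail."""
    stats = defaultdict(lambda: {"failed": 0, "reasons": set(), "no_mail": 0})
    failed = {}  # sendmail pid -> relay whose handshake failed in that session
    for line in log.splitlines():
        if m := FAIL.search(line):
            pid, reason, relay = m.groups()
            failed[pid] = relay
            stats[relay]["failed"] += 1
            stats[relay]["reasons"].add(reason)
        elif (m := QUIT.search(line)) and failed.get(m.group(1)) == m.group(2):
            stats[m.group(2)]["no_mail"] += 1
    return dict(stats)

def shared_ciphers(server_order, peer_list):
    """Ciphers present in both lists, in the server's preference order."""
    peer = set(peer_list.split())
    return [c for c in server_order.split() if c in peer]

if __name__ == "__main__":
    print(tls_failures(LOG))
    print(shared_ciphers(AEGEE, PHP_SMTP3))
```

All eight TLSv1.2 ciphers listed for mail.aegee.org also appear in the php-smtp3.php.net list, so these two server-side lists alone do not account for the "no shared cipher" result in the log.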


History
 [2018-03-01 17:08 UTC] cmb@php.net
-Package: *General Issues +Package: Systems problem
Last updated: Fri Nov 22 12:01:29 2024 UTC