Hello,
I initially had an issue sending email to my SMTP relay using dma:
https://illumos.topicbox.com/groups/omnios-discuss/T7285bcdb299a5cf9-Me376653a22f357eb88b68051/tls-issue-with-dragonfly-mail-agent
After a couple of tests, I discovered that it seemed not to be just my configuration.
For example, running curl can raise an error:
# curl -v https://www.openbsd.org
* Host www.openbsd.org:443 was resolved.
* IPv6: 2620:3d:c000:178::80
* IPv4: 199.185.178.80
* Trying [2620:3d:c000:178::80]:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cacert.pem
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS alert, decode error (562):
* TLS connect error: error:0A00041A:SSL routines::tlsv1 alert decode error
* closing connection #0
curl: (35) TLS connect error: error:0A00041A:SSL routines::tlsv1 alert decode error
On both of my servers, the solution seems to be to restore the dist OpenSSL configuration:
# mv /usr/ssl/openssl.cnf /usr/ssl/openssl.cnf.orig
# mv /usr/ssl/openssl.cnf.dist /usr/ssl/openssl.cnf
Then, the curl command works as expected:
# curl -v https://www.openbsd.org
* Host www.openbsd.org:443 was resolved.
* IPv6: 2620:3d:c000:178::80
* IPv4: 199.185.178.80
* Trying [2620:3d:c000:178::80]:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cacert.pem
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / RSASSA-PSS
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: CN=www.openbsd.org
* start date: Aug 4 15:45:55 2025 GMT
* expire date: Nov 2 15:45:54 2025 GMT
* subjectAltName: host "www.openbsd.org" matched cert's "www.openbsd.org"
* issuer: C=US; O=Let's Encrypt; CN=R10
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to www.openbsd.org (2620:3d:c000:178::80) port 443
* using HTTP/1.x
(...)
With this modification, sending email using dma also starts working.
Also, this modification does not seem to break pkg update.
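
To see which directives actually differ between the replaced file and the restored dist file, the two configurations can be compared key by key. The following is an added example, not part of the original post or of OmniOS; the function names are hypothetical and the two sample file contents are constructed, not the real `/usr/ssl/openssl.cnf` files.

```python
import re

SECTION = re.compile(r"^\[\s*([^\]]+?)\s*\]$")

def parse_openssl_cnf(text):
    """Return {(section, key): value}; keys before any header go in 'default'."""
    settings, section = {}, "default"
    for raw in text.splitlines():
        # Simplification: treats every '#' as a comment start (no quoting rules).
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
        elif line.startswith(".include"):
            path = line[len(".include"):].lstrip(" =").strip()
            settings[(section, ".include")] = path
        elif "=" in line:
            key, value = line.split("=", 1)
            settings[(section, key.strip())] = value.strip()
    return settings

def diff_settings(active, dist):
    """List (section, key, active_value, dist_value) for every difference."""
    a, d = parse_openssl_cnf(active), parse_openssl_cnf(dist)
    return [(s, k, a.get((s, k)), d.get((s, k)))
            for s, k in sorted(set(a) | set(d))
            if a.get((s, k)) != d.get((s, k))]

# Constructed sample contents standing in for openssl.cnf.orig and openssl.cnf.
HEADER = """openssl_conf = openssl_init   # constructed sample
[ openssl_init ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[ system_default_sect ]
"""
SAMPLE_ACTIVE = HEADER + "MinProtocol = TLSv1.2\nCipherString = DEFAULT:@SECLEVEL=2\n"
SAMPLE_DIST = HEADER + "CipherString = DEFAULT\n"

if __name__ == "__main__":
    for section, key, old, new in diff_settings(SAMPLE_ACTIVE, SAMPLE_DIST):
        print(f"[{section}] {key}: active={old!r} dist={new!r}")
```

On a real system, pass the contents of the two files read from disk instead of the sample strings; a value of `None` means the key is absent from that file.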