From: Doug L. <su...@dr...> - 2014-07-20 13:10:02
|
I have a very old install of ASSPv2 "2.3.4(13136)" running on Debian GNU/Linux 6.0.3 (squeeze). This is for our Zimbra mail server that is also outdated, running on Ubuntu 10.04 64bit. I'd like to update the mail server, but won't attempt it until I get the ASSP2 issues resolved. When building another VM to house the upgraded ASSP and putting it into place, I get attachment corruption. Following the logs on the Zimbra side, I see a change in what is being used for the SSL cipher. It goes from the normal: postfix/smtpd[12152]: Anonymous TLS connection established from assp.inet[10.0.0.10]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) To: postfix/smtpd[11502]: Anonymous TLS connection established from assp.inet[10.0.0.10]: TLSv1 with cipher AES128-SHA (128/128 bits) So, Reviewing a previous post from Thomas http://sourceforge.net/p/assp/mailman/message/31259064/ I started playing around with the cipher options on ASSP. I forced: AES256:SHA256:RC4-SHA:HIGH:!ADH Now my logs on the Zimbra server so AES256 and I no longer have attachment corruption, but I now am experiencing two different issues. 1.) Sending test email from Seamonkey, I may have to hit send a couple times before it goes. 2.) I'm seeing the below logs in my Zimbra server: postfix/smtpd[22112]: warning: TLS library problem: 22112:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1199:SSL alert number 20 Would this be because I'm missing a required cipher? Any suggestions would be appreciated. Doug |