#10761 pagure.io [8.43.85.76]: a TLS session is required, but the server did not offer TLS support
Closed: Fixed 2 years ago by kevin. Opened 2 years ago by mschwarz.

Hi Team,

It was 1998 when TLS for SMTP got introduced as a replacement for SSL and in 2022 this happened, 24 years later, trying to answer a Pagure ticket:

2022-06-10 22:43:20 1nzlTU-00G1tB-0N H=pagure.io [8.43.85.76]: a TLS session is required, but the server did not offer TLS support
2022-06-10 22:43:20 1nzlTU-00G1tB-0N == reply+21efb1eacf85c8e5fceaac2e89570f76069e0ff4892d1edd5afa475f8de42bddb4573e1ffce5cade0b59517b78c918a635f1c35b1f9a8dfbbb659591c96af2a2@pagure.io R=dnslookup T=remote_smtp defer (-38) H=pagure.io [8.43.85.76]: a TLS session is required, but the server did not offer TLS support
2022-06-10 22:43:20 1nzlTU-00G1tB-0N ** reply+21efb1eacf85c8e5fceaac2e89570f76069e0ff4892d1edd5afa475f8de42bddb4573e1ffce5cade0b59517b78c918a635f1c35b1f9a8dfbbb659591c96af2a2@pagure.io: retry timeout exceeded
2022-06-10 22:43:20 1nzlTU-00G1tF-VP <= <> R=1nzlTU-00G1tB-0N U=exim P=local S=3810

Verification:

$ openssl s_client --connect 8.43.85.76:25 -starttls smtp
CONNECTED(00000003)
Didn't find STARTTLS in server response, trying anyway...
139886907805184:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:


no peer certificate available

No client certificate CA names sent

SSL handshake has read 242 bytes and written 326 bytes
Verification: OK


New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)


pagure.io is a POSTFIX server, should be easy to enable it in a jiffy.

O== Why should this be high on the TOP List.

In 2016 the EU GDPR got introduced to the world and bound European companies' SMTP servers, which the mail wanted to use as transit, to use TLS for email transports (§31). It does not solely mean email, it refers to any communication channel which can be used to transport personal data, and as one doesn't know when another one wants to send personal data, the encryption has to be always on. Simple Logic.

This leads to the actual situation when an EU GDPR compliant SMTP server can't send the fedoraproject subcomponent a mail.

Please fix this. It should not take longer than 5 minutes to enable opportunistic encryption use in postfix.

Thanks and best regards,
Marius Schwarz
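
The Exim error and the openssl run above both come down to whether the server's EHLO reply lists the STARTTLS extension. The following is an added example, not part of the original ticket and not Fedora's or Exim's code: it parses a raw EHLO reply and reports whether STARTTLS is advertised. The function names and the sample replies (host `mail.example.org`) are constructed for illustration.

```python
import smtplib


def ehlo_extensions(reply: str) -> dict:
    """Parse a raw multi-line EHLO reply (RFC 5321) into {KEYWORD: params}."""
    lines = [l for l in reply.replace("\r\n", "\n").split("\n") if l]
    exts = {}
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i > 0:
            # Line 0 is the server's greeting/domain, not an extension, so a
            # greeting that merely mentions "STARTTLS" must not count.
            keyword, _, params = text.strip().partition(" ")
            if keyword:
                exts[keyword.upper()] = params
        if sep != "-":
            break  # "250 " (space, not hyphen) marks the last reply line
    return exts


def offers_starttls(reply: str) -> bool:
    """True only if STARTTLS is listed as an extension keyword."""
    return "STARTTLS" in ehlo_extensions(reply)


def probe(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Live variant: connect, send EHLO, and ask smtplib for the same answer."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return smtp.has_extn("starttls")


# Constructed sample replies (not captured from pagure.io).
NO_TLS = ("250-mail.example.org\r\n250-PIPELINING\r\n"
          "250-SIZE 10240000\r\n250-8BITMIME\r\n250 DSN\r\n")
WITH_TLS = ("250-mail.example.org\r\n250-PIPELINING\r\n"
            "250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n")

if __name__ == "__main__":
    for name, reply in (("NO_TLS", NO_TLS), ("WITH_TLS", WITH_TLS)):
        print(name, "offers STARTTLS:", offers_starttls(reply))
```

`probe()` needs network access to port 25 and is not called by the script; the offline samples exercise the same logic.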


Metadata Update from @zlopez:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: high-gain, medium-trouble

2 years ago

Should be fixed now.

Thanks for the ticket.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

On 14.06.22 at 03:09, Kevin Fenzi wrote:

The status of the issue: pagure.io [8.43.85.76]: a TLS session is required, but the server did not offer TLS support of project: fedora-infrastructure has been updated to: Closed as Fixed by kevin.

https://pagure.io/fedora-infrastructure/issue/10761

If this text reaches the ticket via email, the issue is fixed!

best regards,
Marius
