Hi Team,
It was 1998 when TLS for SMTP got introduced as a replacement for SSL and in 2022 this happend,24 years later, trying to answere a Pagure ticket:
2022-06-10 22:43:20 1nzlTU-00G1tB-0N H=pagure.io [8.43.85.76]: a TLS session is required, but the server did not offer TLS support 2022-06-10 22:43:20 1nzlTU-00G1tB-0N == reply+21efb1eacf85c8e5fceaac2e89570f76069e0ff4892d1edd5afa475f8de42bddb4573e1ffce5cade0b59517b78c918a635f1c35b1f9a8dfbbb659591c96af2a2@pagure.io R=dnslookup T=remote_smtp defer (-38) H=pagure.io [8.43.85.76]: a TLS session is required, but the server did not offer TLS support 2022-06-10 22:43:20 1nzlTU-00G1tB-0N ** reply+21efb1eacf85c8e5fceaac2e89570f76069e0ff4892d1edd5afa475f8de42bddb4573e1ffce5cade0b59517b78c918a635f1c35b1f9a8dfbbb659591c96af2a2@pagure.io: retry timeout exceeded 2022-06-10 22:43:20 1nzlTU-00G1tF-VP <= <> R=1nzlTU-00G1tB-0N U=exim P=local S=3810
Verification:
$ openssl s_client --connect 8.43.85.76:25 -starttls smtp CONNECTED(00000003) Didn't find STARTTLS in server response, trying anyway... 139886907805184:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
SSL handshake has read 242 bytes and written 326 bytes Verification: OK
New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok)
pagure.io is a POSTFIX server, should be easy to enable it in a jiffy.
O== Why should this be high on the TOP List.
In 2016 the EU GDPR got introduced to the world and bound european companies smtp servers, which the mail wanted to use as transit, to use TLS for Email transports ( ยง31 ). It does not soley mean email, it refers to any communication channel which can be used to transport personal data, and as one doesn't know when anotherone wants to send personal data, the encryption has to be always on. Simple Logic.
This leads to the actual situation when a EU GDPR complient smtp server, can't send the fedoraproject subcomponent a mail.
Please fix this. It should not take longer than 5 minutes to enable opportunistic encryption use in postfix.
Thanks and best regards, Marius Schwarz
Metadata Update from @zlopez: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: high-gain, medium-trouble
Should be fixed now.
Thanks for the ticket.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Am 14.06.22 um 03:09 schrieb Kevin Fenzi:
The status of the issue: pagure.io [8.43.85.76]: a TLS session is required, but the server did not offer TLS support of project: fedora-infrastructure has been updated to: Closed as Fixed by kevin. https://pagure.io/fedora-infrastructure/issue/10761
The status of the issue: pagure.io [8.43.85.76]: a TLS session is required, but the server did not offer TLS support of project: fedora-infrastructure has been updated to: Closed as Fixed by kevin.
pagure.io [8.43.85.76]: a TLS session is required, but the server did not offer TLS support
fedora-infrastructure
https://pagure.io/fedora-infrastructure/issue/10761
If this text reaches the ticket via email, the issue is fixed!
best regards, Marius
BTW..
the register loop is here:
https://discussion.fedoraproject.org/categories
Login to comment on this ticket.