Add TLS certificate for email relaying in lists.alpinelinux.org (#9573) · Issues · alpine / infra / infra

Add TLS certificate for email relaying in lists.alpinelinux.org

Hello,

As subject states, lists.alpinelinux.org doesn’t offer a certificate for using STARTTLS in MTA to MTA communication. This can be checked by:

$ openssl s_client -connect lists.alpinelinux.org:25 -starttls smtp
CONNECTED(00000003)
didn't find starttls in server response, try anyway...
22101338425312:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:/usr/src/lib/libssl/ssl_pkt.c:386:                                                                                                       
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 208 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Start Time: 1540317980
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

Under some email servers setups such as mine, email isn’t relayed if the remote doesn’t provides STARTTLS.

Best regards.

(from redmine: issue id 9573, created on 2018-10-24)

Hello,

As subject states, lists.alpinelinux.org doesn’t offer a certificate for
using STARTTLS in MTA to MTA communication. This can be checked by:

$ openssl s_client -connect lists.alpinelinux.org:25 -starttls smtp
    CONNECTED(00000003)
    didn't find starttls in server response, try anyway...
    22101338425312:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:/usr/src/lib/libssl/ssl_pkt.c:386:                                                                                                       
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 208 bytes and written 0 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : 0000
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        Start Time: 1540317980
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
    ---

Under some email servers setups such as mine, email isn’t relayed if the
remote doesn’t provides STARTTLS.

Best regards.

*(from redmine: issue id 9573, created on 2018-10-24)*

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.