Title: sendmail DH key error on FreeBSD 10
Author: 좋은진호 (truefeel, http://coffeenix.net/)
Date: 2015.7.14 (Tue)

On FreeBSD 10.1, when sending internal server mail (cron result mail, server log mail, etc.), the following error appeared.

Jul 14 13:05:36 cnx sendmail[35077]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
Jul 14 13:05:36 cnx sm-mta[35078]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1]
Jul 14 13:05:36 cnx sendmail[35077]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake.

When I looked into why this error suddenly started appearing, I found that FreeBSD 10.1-p13 included the following patch. After the patch, the error occurred because the DH key (Diffie-Hellman key) was too short.

20150618: p13 FreeBSD-EN-15:08.sendmail
Improvements to sendmail TLS/DH interoperability. [EN-15:08]

Generate DH parameters with openssl, then restart sendmail, and you are done.

# cd /etc/mail/certs
# openssl dhparam -out dh.param 4096

When you send mail, you should see the following.

Jul 14 13:26:47 cnx sm-mta[36512]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Jul 14 13:26:47 cnx sendmail[36511]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
... omitted ...
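
To confirm from the mail log that the handshake failures have stopped, the following added example (not part of the original post) tallies sendmail STARTTLS outcomes by role and by failure reason or negotiated cipher. The function names `starttls_summary` and `sample_log` are hypothetical, and the sample input is the log excerpts shown on this page.

```sh
#!/bin/sh
# Added example: tally sendmail STARTTLS outcomes from maillog-style lines.
# Function names are hypothetical; they are not part of sendmail or FreeBSD.

# Reads log lines from the files given as arguments, or from stdin if none.
# Prints "<count> <FAIL|OK> <client|server> <reason or cipher>", sorted.
starttls_summary() {
    awk '
    {
        start = index($0, "STARTTLS=")
        if (start == 0) next                 # not a STARTTLS result line
        n = split(substr($0, start), field, ", ")
        role = ""; reason = ""; cipher = ""; failed = 0
        for (i = 1; i <= n; i++) {
            eq = index(field[i], "=")
            if (eq == 0) continue
            key = substr(field[i], 1, eq - 1)
            val = substr(field[i], eq + 1)
            if (key == "STARTTLS")    role = val
            else if (key == "reason") reason = val
            else if (key == "cipher") cipher = val
            else if (key ~ /^error:/) failed = 1
        }
        if (failed)            count["FAIL " role " " reason]++
        else if (cipher != "") count["OK " role " " cipher]++
    }
    END { for (c in count) print count[c], c }
    ' "$@" | sort
}

# Sample input: the log excerpts shown on this page (before and after the fix).
sample_log() {
    cat <<'EOF'
Jul 14 13:05:36 cnx sendmail[35077]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
Jul 14 13:05:36 cnx sm-mta[35078]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1]
Jul 14 13:05:36 cnx sendmail[35077]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake.
Jul 14 13:26:47 cnx sm-mta[36512]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Jul 14 13:26:47 cnx sendmail[36511]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
EOF
}

sample_log | starttls_summary
```

On a live system, pass the mail log path as an argument instead of piping in the sample (on FreeBSD this is typically /var/log/maillog).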