Bug 61856 - STARTTLS does not work
Summary: STARTTLS does not work
Alias: None
Product: Red Hat Public Beta
Classification: Retired
Component: sendmail   
(Show other bugs)
Version: skipjack-beta1
Hardware: i386 Linux
Target Milestone: ---
Assignee: Florian La Roche
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2002-03-25 11:06 UTC by Per Steinar Iversen
Modified: 2007-04-18 16:41 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-03-26 17:06:38 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Per Steinar Iversen 2002-03-25 11:06:15 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020311

Description of problem:
Sendmail 8.12.2 supports STARTTLS, but the version distributed with the Skipjack
beta1 has problems, for example there is no /usr/share/ssl/certs/sendmail.pem
created by the sendmail rpm.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. telnet to port 25
2. Say: EHLO something
3. No STARTTLS is listed as an ESTMP option

Actual Results:  No STARTTLS is listed as an ESTMP option

Expected Results:  It would be much nicer to see STARTTLS listed.

Additional info:

sendmail seems to be built with STARTTLS support, so this should just be a
configuration issue.

Comment 1 Joe Christy 2002-03-26 17:06:34 UTC
FYI sendmail won't show STARTTLS in response to an EHLO until the proper certs
are installed. It would seem problematic to distribute with some generic certs
for security reasons.

Comment 2 Florian La Roche 2002-03-26 20:30:24 UTC
I also think this should be configured on a local machine if it is wanted.


Florian La Roche

Comment 3 Per Steinar Iversen 2002-03-27 10:38:26 UTC
Similar certificates are generated for Apache and imapd, the security implications would seem 
to be about the same as for generating one for sendmail.

I generated a sendmail.pem in the 
right directory using the Makefile found in /usr/share/ssl/certs and restarted sendmail, but 
no STARTTSL appeared.

Note You need to log in before you can comment on or make changes to this bug.