Red Hat Bugzilla – Bug 61856
STARTTLS does not work
Last modified: 2007-04-18 12:41:09 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020311
Description of problem:
Sendmail 8.12.2 supports STARTTLS, but the version distributed with the Skipjack
beta1 has problems, for example there is no /usr/share/ssl/certs/sendmail.pem
created by the sendmail rpm.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. telnet to port 25
2. Say: EHLO something
3. No STARTTLS is listed as an ESMTP option
Actual Results: No STARTTLS is listed as an ESMTP option
Expected Results: It would be much nicer to see STARTTLS listed.
sendmail seems to be built with STARTTLS support, so this should just be a
FYI sendmail won't show STARTTLS in response to an EHLO until the proper certs
are installed. It would seem problematic to distribute with some generic certs
for security reasons.
I also think this should be configured on a local machine if it is wanted.
Florian La Roche
Similar certificates are generated for Apache and imapd, the security implications would seem
to be about the same as for generating one for sendmail.
I generated a sendmail.pem in the
right directory using the Makefile found in /usr/share/ssl/certs and restarted sendmail, but
no STARTTLS appeared.
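The check from the steps to reproduce, automated as an added example (not part of the bug report and not sendmail code): it parses a captured EHLO reply, including the multiline `250-` / `250 ` framing, and reports whether STARTTLS is advertised. The two sample replies, their host names and the function names are constructed for illustration.

```python
import re

# One reply line: 3-digit code, then '-' (more lines follow) or ' ' (last line).
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

# Constructed sample replies (host names and extension list are illustrative).
REPLY_WITHOUT_TLS = (
    "250-mail.example.test Hello client.example.test, pleased to meet you\r\n"
    "250-ENHANCEDSTATUSCODES\r\n250-PIPELINING\r\n250-8BITMIME\r\n250 HELP\r\n"
)
REPLY_WITH_TLS = REPLY_WITHOUT_TLS.replace("250 HELP", "250-STARTTLS\r\n250 HELP")


def parse_ehlo_reply(raw):
    """Return (code, greeting, {KEYWORD: params}); ValueError if malformed."""
    lines = [ln for ln in raw.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    code, greeting, extensions = None, "", {}
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is None:
            code = m.group(1)
        elif m.group(1) != code:
            raise ValueError("reply code changes mid-reply")
        # Only the final line may use ' '; a trailing '-' means truncation.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match position")
        if i == 0:
            greeting = m.group(3)  # first line is the greeting, not a keyword
        else:
            keyword, _, params = m.group(3).partition(" ")
            extensions[keyword.upper()] = params  # keywords are case-insensitive
    return int(code), greeting, extensions


def starttls_offered(raw):
    """True only for a 250 reply that lists the STARTTLS keyword."""
    code, _, extensions = parse_ehlo_reply(raw)
    return code == 250 and "STARTTLS" in extensions


if __name__ == "__main__":
    for name, reply in (("without", REPLY_WITHOUT_TLS), ("with", REPLY_WITH_TLS)):
        print(f"sample {name} STARTTLS line ->", starttls_offered(reply))
```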