Bug 61856 - STARTTLS does not work
STARTTLS does not work
Product: Red Hat Public Beta
Classification: Retired
Component: sendmail (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Florian La Roche
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2002-03-25 06:06 EST by Per Steinar Iversen
Modified: 2007-04-18 12:41 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-03-26 12:06:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Per Steinar Iversen 2002-03-25 06:06:15 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020311

Description of problem:
Sendmail 8.12.2 supports STARTTLS, but the version distributed with the Skipjack
beta1 has problems, for example there is no /usr/share/ssl/certs/sendmail.pem
created by the sendmail rpm.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. telnet to port 25
2. Say: EHLO something
3. No STARTTLS is listed as an ESTMP option

Actual Results:  No STARTTLS is listed as an ESTMP option

Expected Results:  It would be much nicer to see STARTTLS listed.

Additional info:

sendmail seems to be built with STARTTLS support, so this should just be a
configuration issue.
Comment 1 Joe Christy 2002-03-26 12:06:34 EST
FYI sendmail won't show STARTTLS in response to an EHLO until the proper certs
are installed. It would seem problematic to distribute with some generic certs
for security reasons.
Comment 2 Florian La Roche 2002-03-26 15:30:24 EST
I also think this should be configured on a local machine if it is wanted.


Florian La Roche
Comment 3 Per Steinar Iversen 2002-03-27 05:38:26 EST
Similar certificates are generated for Apache and imapd, the security implications would seem 
to be about the same as for generating one for sendmail.

I generated a sendmail.pem in the 
right directory using the Makefile found in /usr/share/ssl/certs and restarted sendmail, but 
no STARTTSL appeared.

Note You need to log in before you can comment on or make changes to this bug.