Bug 68677 - STARTTLS, keys and encryption
Product: Red Hat Linux
Classification: Retired
Component: sendmail
Hardware: All, OS: Linux
Priority: medium, Severity: medium
Assigned To: Florian La Roche
QA Contact: David Lawrence
Keywords: FutureFeature
Reported: 2002-07-12 10:38 EDT by Aaron Sherman
Modified: 2007-04-18 12:44 EDT (History)
Doc Type: Enhancement
Last Closed: 2003-01-22 12:43:04 EST

Attachments:
spec file and redhat.config.m4 patches for STARTTLS (864 bytes, application/octet-stream)
2002-07-19 04:12 EDT, Mark Allen

Description Aaron Sherman 2002-07-12 10:38:58 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/20020606

Description of problem:
This is a request that in future versions of Red Hat the following things be
done at install time for server configurations:

1. Sendmail is installed with TLSSTART configured
2. A self-signed key is generated
3. The .mc is configured to find the key and enable TLSSTART

This does not accomplish truly secure communication, and the documentation
should reflect that, but having Red Hat install out of the box with a sendmail
that is capable of encryption would go a long way. It would also be a great
enterprise sales tie-in (if you and your client/vendor/whatever are both running
Red Hat for your mail servers, your traffic will automatically be encrypted, and
authentication simply requires buying and installing a key).

I'm recommending that you not only do this for future releases but that you
release an enhancement update for all of the 7.x platforms that turns this
feature on. Q/A will tell, but turning this on by default should not affect
any existing installations unless they enable it in their configuration, and
since rpm preserves your old config, updates should not have any impact unless
the customer wants to take advantage of it.

Version-Release number of selected component (if applicable):

Comment 1 Mark Allen 2002-07-19 04:12:32 EDT
Created attachment 65904
spec file and redhat.config.m4 patches for STARTTLS

Comment 2 Mark Allen 2002-07-19 04:15:01 EDT
I've uploaded patches against the rawhide sendmail (8.12.5) SRPM to include
STARTTLS support in sendmail.  I haven't added the logic to the specfile to
create certificates yet, but that wouldn't be terribly difficult.  I happen to
agree with ajs. :-)  Hopefully, this will make it easier on y'all.

These modifications compile on my alpha, but I haven't tested on intel -- yet.

Comment 3 Florian La Roche 2003-01-22 12:43:04 EST
The config files in the newest rpm are prepared for this, but you will still
have to enable it in the configuration before using TLS.


Florian La Roche
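
The steps requested in the description, plus the manual enable step comment 3 refers to, as an added shell example (not part of this bug report, the attached patch, or Red Hat's packaging). The certificate directory, file names and host name are assumptions; the `conf*` names are sendmail's standard m4 options for STARTTLS. As the description notes, a self-signed certificate gives encryption without authenticating the peer.

```shell
#!/bin/sh
# Added example: directory, file names and host name are assumptions.

# Step 2: self-signed certificate plus an unencrypted key (-nodes),
# because the daemon must read the key without a passphrase prompt.
gen_selfsigned() {
    dir=$1; cn=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077   # key file is owner-only from the moment it is created
      openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=$cn" \
          -keyout "$dir/sendmail.key" -out "$dir/sendmail.pem" 2>/dev/null
    ) || return 1
    chmod 600 "$dir/sendmail.key"
}

# sendmail treats a group- or world-readable key file as unsafe and then
# does not offer STARTTLS, so verify the mode before enabling the feature.
key_perms_ok() {
    case $(ls -l "$1" 2>/dev/null) in
        -r[-w]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 3: the .mc lines that point sendmail at the certificate and key.
# With a self-signed certificate the certificate doubles as its own CA file.
emit_mc_fragment() {
    dir=$1
    cat <<EOF
define(\`confCACERT_PATH', \`$dir')dnl
define(\`confCACERT', \`$dir/sendmail.pem')dnl
define(\`confSERVER_CERT', \`$dir/sendmail.pem')dnl
define(\`confSERVER_KEY', \`$dir/sendmail.key')dnl
EOF
}

# Run directly as: sh starttls-setup.sh /etc/mail/certs mail.example.com
if [ "$#" -eq 2 ]; then
    gen_selfsigned "$1" "$2" && key_perms_ok "$1/sendmail.key" \
        && emit_mc_fragment "$1"
fi
```

The printed lines go into sendmail.mc, after which sendmail.cf has to be regenerated and the daemon restarted.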
