September 26, 2008 · FreeBSD Qmail Qmail-Tls Toaster

Qmail-tls notes

I am using Bill Shuff's toaster patch ( thanks bill , you rule ! ) , for some reason make cert did not work. I create the certs manually :

#openssl req -newkey rsa:1024 -x509 -nodes -days 3650 -out servercert.pem -keyout servercert.pem

qmail did show TLS up but i got an error :

**#openssl s_client -debug -crlf -starttls smtp -connect localhost:25 **
50883:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:562:

scratching my head around the net I found this and run :

**#openssl ciphers > /var/qmail/control/tlsclientciphers #openssl ciphers > /var/qmail/control/tlsserverciphers **

which fixed it all:

** #openssl s_client -crlf -starttls smtp -connect localhost:25**

CONNECTED(00000003)