Path: csiph.com!eternal-september.org!feeder.eternal-september.org!mx02.eternal-september.org!.POSTED!not-for-mail From: Unknown Newsgroups: comp.sys.raspberry-pi Subject: Re: Why can't RPi email? Date: Wed, 19 Aug 2015 03:55:09 +0000 (UTC) Organization: A noiseless patient Spider Lines: 49 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Injection-Date: Wed, 19 Aug 2015 03:55:09 +0000 (UTC) Injection-Info: mx02.eternal-september.org; posting-host="3738e48a3074ca6b854d4bacba0c006b"; logging-data="2816"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+X7mBoSKJdFy5YRusK9t/u+72oruQd5+0=" User-Agent: Pan/0.133 (House of Butterflies) Cancel-Lock: sha1:YMJ13s0TCdXG33hJ8WzIu/W3Ep8= Xref: csiph.com comp.sys.raspberry-pi:9450 On Fri, 31 Jul 2015 19:25:12 +0000, Martin Gregorie wrote: > On Fri, 31 Jul 2015 17:06:22 +0000, Frank Miles wrote: > >> This is on a new RPi-2 with a Edimax (realtek) wifi device. Raspbian >> with all updates. >> > When was your last update? > >> The one possible questionable message is in /var/log/mail.info, it has >> lines indicating that SSL connection is attempting to use >> RSA_ARCFOUR_SHA1. Is that what it should be using? >> > A number of SSL encryption standards have recently been deprecated > recently because they're fundamentally broken and, as a result, are > being removed. This is why you may have also seen HTTPS connection > refusals if you're using the latest Firefox version: its the same thing. > > If you, as the client end (still using a deprecated cypher), try to open > an encrypted connection to a server that no longer supports that cypher, > then you'll get the connection request refused with that type of > rejection. > > Unless you're an SSL maven about all you can do is update your RPi and, > if the problem is still there, raise a bug with the the RPi sendmail > maintainers. > > The same thing can also bite you the other way round: I had a problem > last week when Firefox 39.0, which no longer supports the deprecated > cypher, got its https connection refused by a government server[1] which > *only* supported the deprecated cypher. I fired up an old version of > Opera (12.16), guessing that used the deprecated cypher. It did, and I > was able to use it to do the job. I also raised a bug with the server > admins, who are on the case and seemed happy to get the heads-up, but > are taking their time to get the change made (probably due to the > bureaucratic faff that impacts any changes made to a government or > banking server). > > [1] a helpful bunch of sysadmins, so no names, no pack drill except > to say it isn't a UK Government server The original RFCs for eg. email were nice and simple. Then they introduced which wasn't a problem to extend the code to handle. But this SSL?TLS is a whole extra dark-layer and I can't find out how to test it decoupled/separate from the old familiar code. We DIY enthusiasts are getting squeezed out, by big commercial interests. Everything seems to be going httpS !