pilerimport does not support TLS >= 1.2
On my mail server where TLS >= 1.2 was required pilerimport failed with error:
Cipher: (NONE)
error: server cert error
I had to allow a minimum TLS version 1.0 to get pilerimport to work.
Comments (7)
-
repo owner -
reporter I am using Centos 7 with the latest updates.
openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017the ldd pilerimport output:
]# ldd pilerimport linux-vdso.so.1 => (0x00007fffe17e4000) libpiler.so.0.1.1 => /usr/local/lib/libpiler.so.0.1.1 (0x00007f3b832c7000) libz.so.1 => /lib64/libz.so.1 (0x00007f3b830b1000) libm.so.6 => /lib64/libm.so.6 (0x00007f3b82daf000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f3b82bab000) libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f3b82748000) libssl.so.10 => /lib64/libssl.so.10 (0x00007f3b824d6000) libtre.so.5 => /lib64/libtre.so.5 (0x00007f3b822c6000) libzip.so.2 => /lib64/libzip.so.2 (0x00007f3b820b8000) libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f3b81ead000) libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f3b81c93000) libmysqlclient.so.18 => /lib64/libmysqlclient.so.18 (0x00007f3b816ef000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3b814d3000) libc.so.6 => /lib64/libc.so.6 (0x00007f3b81105000) /lib64/ld-linux-x86-64.so.2 (0x00007f3b834f1000) libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f3b80eb8000) libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f3b80bcf000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f3b809cb000) libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f3b80798000) libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f3b80491000) libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f3b80281000) libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f3b8007d000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f3b7fe63000) libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f3b7fc4d000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f3b7fa26000) libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f3b7f7c4000)
-
repo owner Well, it’s more an openssl limitation. Using 1.0.x you have to explicitly specify which tls version you want. I picked TLS_v1 to support the most protocols.
I’ve just made a patch to set TLS v1.2. Apply this patch: https://bitbucket.org/jsuto/piler/commits/7ce0f42e7b438d0b27d1e84540652ca7f16607b8 and recompile piler.
-
repo owner - changed status to resolved
-
reporter Thank you, I will try this patch and let you know the result when I am done.
-
reporter I applied your patch and pilerimport is working with TLS 1.2 now.
Thank you!
-
repo owner You are welcome.
- Log in to comment
What version of openssl do you have? Show me ldd pilerimport output.