sslv3 alert certificate unknown in SSL_accept() -> fail
Henrique de Moraes Holschuh
hmh at debian.org
Sun May 21 16:48:57 EDT 2017
On Sun, 21 May 2017, Walter H. via Info-cyrus wrote:
> On 21.05.2017 17:01, Henrique de Moraes Holschuh wrote:
> >On Sun, 21 May 2017, Anton via Info-cyrus wrote:
> >>Problem looks like java app cannot validate new cert. Check ssl_store
> >>for your java based mail gate. Are there CA and Intermediate SSL
> >>Certificates for your new 256ssl cert in mail gate ssl store?
> >Some java versions can take https stapling *really* seriously.
> >
> >You could check if the OCSP URL, and any other URLs inside the
> >certificate itself are all https...
> these URLs mustn't be https, as these is a never ending certificate
> validating story ...
Makes sense, but it also means that java is broken...
--
Henrique Holschuh
More information about the Info-cyrus
mailing list