Re: verifier mode operating without rsa-sha256 support; terminating

From: Rolf E. Sonneveld <>
Date: Thu, 27 Jun 2013 23:54:23 +0200

On 06/27/2013 12:49 AM, Murray S. Kucherawy wrote:
> On Thu, 27 Jun 2013, Rolf E. Sonneveld wrote:
>> Any ideas what I should check next?
> Regardless of what's installed there, it wasn't compiled against that
> version of openssl, but something older that doesn't have SHA256
> support. "opendkim -V" should confirm this.


opendkim -V
opendkim: OpenDKIM Filter v2.8.2
         Compiled with OpenSSL 1.0.1 14 Mar 2012
         SMFI_VERSION 0x1000001
         Supported signing algorithms:
         Supported canonicalization algorithms:
         Active code options:
         libopendkim 2.8.2: atps dkim_reputation debug

and openssl output was:

# openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr 15 15:27:18 UTC 2013
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
-fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions
-Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT
OPENSSLDIR: "/usr/lib/ssl"

> You could also set "AllowSHA1Only".

You mean: set it to 'yes'?

Received on Thu Jun 27 2013 - 21:54:43 PST

This archive was generated by hypermail 2.3.0 : Thu Jun 27 2013 - 22:00:01 PST