Well I raised this bug to serious as 1) I think these days, having non functional SSL is a real problem 2) mail-submit.debian.org (the SMTP server that can be used by DD to send mail with DKIM signature) is triggering this error. We can argue over the severity, I think that this should be fixed ASAPhttps://salsa.debian.org/reportbug-team/reportbug/-/blob/master/doc/README.Users?ref_type=heads#L200-202
I'm not sure why you are pointing me to this?
The problem is that reportbugs is not happy when trying to
connect to some SMTP servers when using "smtptls" depending of
their configuration, NOTHING to do with the BTS.
The SMTP server I mentioned here is just an example AND it works perfectly with the openssl command:
$ openssl s_client -connect mail-submit.debian.org:587 -starttls smtp CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = stravinsky.debian.org verify return:1 --- Certificate chain 0 s:CN = stravinsky.debian.org i:C = US, O = Let's Encrypt, CN = R3 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256 v:NotBefore: Dec 2 00:46:54 2023 GMT; NotAfter: Mar 1 00:46:53 2024 GMT 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256 v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIGDzCCBPegAwIBAgISBLG1+0K75F9l9yqzoMGdBCvFMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEyMDIwMDQ2NTRaFw0yNDAzMDEwMDQ2NTNaMCAxHjAcBgNVBAMT FXN0cmF2aW5za3kuZGViaWFuLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC AgoCggIBALtI7AqU8JfQYct7WM69VCUQo1trInbUPVZ61i4Nmqa7nzCCw8C+4GkF +R8PQhjX3rGjK8NpLNruP+e7YbzrxR69OL9kZwXDFLhAwMn6OJ8UzoHwSeYstBLY mHxBcuy+dDVsE9oZQXFqT+mpEPGhAR8ynmzekGpfItiFLX8LmS36QKUnL4es2v3V jfhsZXNoS5dPM53nzuRaB3s2Vp7HAIxbT4PijEMTsfE0qdG3a5Qok5U/S+uE7fix A3nQbCd+qvAIb0mhoedpUmiCfBUVpWFl6NLdiJxiKTJdH2f0F8xB9l/OnE8NlpXu cqNP+wiw9AknBjH4xKYJP4BUVLlL4C5qiEvuIpAkqi4/EqHwWK+Z5njZfq7mWuSY 8fepsMiLxuMdvJCCg7T/bHrM7hFRyUewYvk/xFqYPEGW+Tv7kdwMU/CsiiGzAt6b k6hfftixOJbguLFAnKRgvNy3cB5ZQ/ehOEjGTaF952lJgDPYOnUL8iO+hd9lkPJJ JfRHpEZHUZ1U0T0vR9mEFPGF5rO5+NvlCImTyeLvVxFXdtoxVGApl9R9lxVXQHZI mGivYdPlDGpBSxwxEN9AObpl/QelL8MR5eLQfjXN86sUTR66MgtCQ4/GJs+l69Wv hFTBfGn1eDEo10I9qJVToV+5an0qWFPfH4q8/FZP/+wdEGwJgYHNAgMBAAGjggIv MIICKzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF BwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHn9eJOpQZ+x7hjjPihPC4UuBaxl MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkw RzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAC hhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMDgGA1UdEQQxMC+CFm1haWwtc3VibWl0 LmRlYmlhbi5vcmeCFXN0cmF2aW5za3kuZGViaWFuLm9yZzATBgNVHSAEDDAKMAgG BmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1ADtTd3U+LbmAToswWwb+ QDtn2E/D9Me9AA0tcm/h+tQXAAABjCg1DJsAAAQDAEYwRAIgd8qYrzL27ecIMX5T VUz9bqJGIwyPsl3ke4fEy2PFPlkCIFmY9E6jXE8gFLrOVV9lFSJN6MoRWY9mYg9Z a1xNMaSqAHcA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGMKDUM rgAABAMASDBGAiEAykZgWprc6hA/rahTqXrU0jYyJKiceZly6WZGjhcfrwYCIQC4 tG+C8PJCr5QVhOU+MkNqHM2vXvZ/pOkMg8iN4oFzKzANBgkqhkiG9w0BAQsFAAOC AQEAVKPeYIZ6ed64BjO8v2rwOw3H+bDO5gO13MV79FvJrS+7T4Lkw7poUprN9Iv1 VpAgq3g8P6mAKwBgo+zi00eQjYwtP/cdMQ1KiUDdtadCAsjgopsJ/Aucdd41wMV8 wPlVh60+VdrF3xBlxLnVLydUmrnI2PYTfzH1w/b47Jh48ITFRfbnHo0oXI4rUnEA Bi4IhoGJCrSD8TyCHfeQzd1xMnIwB/Q6YAin716C3HlW486AyrlPkpSrag4YSNoW eZUF8fucmRdYFQdOXE2kAVR11YK/uPvGd+b+MyX1RAx7Bd1TFUkdOziIgTMfC9Wb bdUPIa+wZcviKUDRO45Y2Dl8NA== -----END CERTIFICATE----- subject=CN = stravinsky.debian.org issuer=C = US, O = Let's Encrypt, CN = R3 --- Acceptable client certificate CA names C = NA, ST = NA, L = Ankh Morpork, O = Debian SMTP, OU = Debian SMTP CA, CN = Debian SMTP CA, emailAddress = hostmaster@puppet.debian.org Requested Signature Algorithms: RSA+SHA256:RSA-PSS+SHA256:RSA-PSS+SHA256:ECDSA+SHA256:Ed25519:RSA+SHA384:RSA-PSS+SHA384:RSA-PSS+SHA384:ECDSA+SHA384:Ed448:RSA+SHA512:RSA-PSS+SHA512:RSA-PSS+SHA512:ECDSA+SHA512:RSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA256:RSA-PSS+SHA256:RSA-PSS+SHA256:ECDSA+SHA256:Ed25519:RSA+SHA384:RSA-PSS+SHA384:RSA-PSS+SHA384:ECDSA+SHA384:Ed448:RSA+SHA512:RSA-PSS+SHA512:RSA-PSS+SHA512:ECDSA+SHA512 Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 5584 bytes and written 467 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 4096 bit This TLS version forbids renegotiation. Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- 250 HELPThis looks like an 100% issue with reportbug