On 2012-05-27 at 00:31 +0200, Wolfgang Breyha wrote: > On 2012-05-26 23:25, Jeremy Harris wrote: > > > > Could you try applying this patch and reporting the results? > > I can confirm that the patch fixes the openssl s_client issue. I'm able to > connect and negotiate a TLS session. > > The gnutls-cli and the thunderbird issue stays. > > In case of thunderbird (compiled against the same openssl 1.0.0i libs) I > see exim logging the "A TLS packet with unexpected length was received." > message. > > I also tried cyrus smtptest using the same libraries... and it works.
For clarity, you're saying: * everything works using OpenSSL as Exim's TLS provider * problems with GnuTLS as Exim's TLS provider * no problem with openssl s_client against Exim/GnuTLS * problem with gnutls-cli and thunderbird against Exim/GnuTLS Are you using an MD5-based self-signed certificate? Remember that GnuTLS no longer supports MD5 in certificates, since they've been proven to be broken in real world practical attacks. If not, does Exim 4.77 built against the same GnuTLS library work? If it does not work in Exim 4.77 then there has been no regression and there's a problem with how GnuTLS was built on your system. If it is MD5 as a cause, I welcome a code suggestion for detecting this and providing better diagnostics. -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
