Re: [exim] Can't do TLS between two exim 4.80

Sun, 10 Nov 2013 00:58:17 -0800 

On Sat, Nov 09, 2013 at 08:54:51PM +0400, Evgeniy Berdnikov wrote:
> On Sat, Nov 09, 2013 at 05:03:49PM +0100, Cyborg wrote:
> > Am 09.11.2013 14:04, schrieb Andreas Metzler:
> > >openssl s_client -starttls smtp -crlf -connect smtp.merlins.org:587
> > 
> > It's not working for you, but for me it is.
> 
>  With -tls1_1 connection is started normally, with -tls1_2 this server
>  silently closes connection immediately after ClientHello[version:3.3].
>  Hope this helps to bisect.
> -- 
>  Eugene Berdnikov
> 
On Sat, Nov 09, 2013 at 10:59:04PM +0000, Viktor Dukhovni wrote:
> On Fri, Nov 08, 2013 at 09:34:12AM -0800, Marc MERLIN wrote:
> 
> > But I'm guessing the problem is on the client, so here's how it's linked:
> 
> I can reproduce the problem with a Postfix client, the problem
> seems to be on the server.  If I don't disable TLSv1.2 the server
> hangs up after the client HELLO.
> 
> This happens even with an SSLv2 HELLO, so it is something about
> the client cipherlist, not the TLS extensions.

Thank you all for the debugging info.

This is what my binary from debian uses:
magic:~# ldd /usr/sbin/exim4  |grep tls
        libgnutls.so.26 => /usr/lib/i386-linux-gnu/libgnutls.so.26 (0xb6afe000)

Seems there there is a newer version of 2.6 in debian:
Preparing to replace libgnutls26 2.12.20-2 (using 
.../libgnutls26_2.12.23-8_i386.deb) ...
Unpacking replacement libgnutls26 ...
(that's the latest in debian testing/unstable)

Mmmh, but unfortunately upgrading this and restarting exim4 didn't help, I 
still get
  SMTP<< 220 TLS go ahead
LOG: MAIN
  TLS error on connection to 209.81.13.136 [209.81.13.136] (gnutls_handshake): 
A TLS packet with unexpected length was received.
LOG: MAIN

I'm assuming it's not broken for everyone on debian, what other packages do you 
think
might be broken/out of date/missing?

I know I can recompile exim4 to use openssl, but I would much rather
stick to the stock debian packages.

Currently I have
ii  exim4-daemon-heavy   4.80-6  

Thanks,
Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/                         | PGP 1024R/763BE901

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to