On Thu, Aug 27, 2015 at 08:06:16PM +0300, Evgeniy Berdnikov wrote: > On Thu, Aug 27, 2015 at 02:44:40PM +0000, Viktor Dukhovni wrote: > > I just tried: > > > > $ posttls-finger ringways.co.uk > > posttls-finger: Connected to mail.ringways.co.uk[88.211.105.31]:25 > ... > > posttls-finger: < 220 TLS go ahead > > posttls-finger: SSL_connect error to > > mail.ringways.co.uk[88.211.105.31]:25: Connection timed out > > > > Are you using /dev/random, rather than /dev/urandom for entropy? > > I tried "openssl s_client -connect mail.ringways.co.uk:25 -starttls smtp" > with -tls1_1 and -tls1_2 options. The first option leads to very quick > connect, tls handhaske and server prompt, the second leads to hangup > after ClientHello.
Also checked with "gnutls-cli --starttls-proto=smtp -p 25 --insecure --priority=[vary] mail.ringways.co.uk". With priority value "NORMAL" and "PERFORMANCE" it hangs, with "SECURE128" and "SECURE256" works. Anyone may dig futher, I stopped here. > I don't know whether the difference between TLS protocol versions is > related to usage of kernel random/urandom interfaces by crypto libs. > -- -- Eugene Berdnikov -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
