On Fri, Sep 30, 2022 at 06:02:35PM +0100, Jeremy Harris via Exim-users wrote: > On 30/09/2022 16:46, Viktor Dukhovni via Exim-users wrote: > >> 00C0C60008000000:error:0A0C0103:SSL > >> routines:tls_process_key_exchange:internal > >> error:ssl/statem/statem_clnt.c:2254: > >> > >> I'll try to find some time to file a bug. Feel free to beat me to it. > > > Actually, this is expected behaviour: > > > > https://github.com/openssl/openssl/issues/15335#issuecomment-843843617 > > Including that error line? > > > No obvious difference with that "ciphers" :- > > 17:39:23 59777 SMTP>> 220 TLS go ahead > 17:39:23 59777 Calling SSL_accept > 17:39:23 59777 SSL hshake_start: before SSL initialization > 17:39:23 59777 SSL SSL_accept,state_chg: before SSL initialization > 17:39:23 59777 SSL SSL_accept,state_chg: before SSL initialization > 17:39:23 59777 SSL write,alert fatal:protocol version > 17:39:23 59777 SSL SSL_accept,hshake_exit: error in error > 17:39:23 59777 TLS error '(SSL_accept): error:100C0102:BIO routines::passed a > null parameter'
Do you also have a TLS version floor? "protocol version" sure sounds like it. Anyway, this is perhaps a distraction from the GnuTLS issue, which you've identifies IIRC (SSL 3.0-compatible handshake with no TLS extensions fails against Exim + GnuTLS as reported). -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/