Hi all,
since Fedora switched to openssl 3 (3.0.5 atm) we encounter these messages:TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation disabled
This is connected to a 2009 CVE against common SSL libs ( nss, openssl etc.) using an insecure form of handshake.
All faulty external mailserver have in common, that they are not up2date, as they at least do not offer TLS 1.3 encryption.
On was even TLS 1.0 only ..The question "if OpenSSL 3 is buggy or not" is under investigation atm. There is a workaround for the issue, but it involves introducing MITM attackvectors and we don't won't this, don't we? :) (if you need to know throw me a mail).
best regards, Marius
OpenPGP_0x048770A738345DD3.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/