On Mon, Jul 29, 2024 at 09:25:21AM +0200, Francois Sauterey via Exim-users
wrote:
> The response was :
>
> TLS Negotiation failed: FAILED_PRECONDITION: starttls error (71):
> 54099363978240:error:10000410:SSL
> routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:third_party/openssl/boringssl/src/ssl/tls_record.
> cc:592:SSL alert number 40 ;54099363978240:error:1000009a:SSL
> routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO:third_party/openssl/boringssl/src/ssl/handshake.cc:654:
>
The Google MTA is unable to establish a TLS handshake with your server,
which returns a fatal alert (40, often seen when there are no shared
ciphers, between client and server) in response to Google's TLS Client
Hello.
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-6
The logs on your server might (should) show more detail that the bounce
report from Google.
It could well be that your server certificate does not match its public
key, or its RSA key size is too small for the security level you've
configured, or some similar footgun problem on your end.
--
VIktor.
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
