On Fri, Dec 27, 2013 at 03:28:46PM -0600, Bobber wrote:
> >=== TLS started w/ cipher DES-CBC3-SHA
> >=== TLS peer subject DN="/C=US/ST=Missouri/L=Saint Louis/O=The
> >Lawrence Group/OU=IT/OU=Terms of use at www.verisign.com/rpa
> >(c)05/CN=mail.thelawrencegroup.com"
There's your problem! This server (likely Exchange 2003) has a
broken implementation of 3DES CBC padding (search Postfix users
archives for my posts on the subject), and your cipher list is
either long enough to cause it to not see RC4-SHA and RC4-MD5 or
you've disabled RC4 (directly, or by only enabling HIGH grade
ciphers).
Exchange 2003 servers can't do better than RC4-SHA.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
