Re: [Exim] Eudora and tls_try_verify_hosts

Góra strony
Delete this message
Reply to this message
Autor: Bob Amen
Data:  
Dla: Tony Finch
CC: exim-users
Temat: Re: [Exim] Eudora and tls_try_verify_hosts
Tony Finch wrote:

> There's a comment in the Exim source about OpenSSL interoperability bug
> workarounds:
>
> /* Enable client-bug workaround.
>    Versions of OpenSSL as of 0.9.6d include a "CBC countermeasure" feature,
>    which causes problems with some clients (such as the Certicom SSL Plus
>    library used by Eudora).  This option, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS,
>    disables the coutermeasure allowing Eudora to connect.
>    Some poppers and MTAs use SSL_OP_ALL, which enables all such bug
>    workarounds. */

>
> However the list of workarounds doesn't seem to include one for this
> Eudora problem -- see
> http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html


    The (just released) version 6.1.1 of Eudora now works with OpenSSL. We
complained long and loud about it not working with OpenSSL as we had
just purchased a boat load of licenses and then couldn't use them. They
finally got an updated library from their supplier and rebuilt with it.
We downloaded it yesterday and tested it just now with OpenSSL 0.9.7 and
it works.


Cheers,
Bob
--
                Bob Amen
                O'Reilly Media, Inc.
                http://www.ora.com/
              http://www.oreilly.com/