Re: [exim] Outlook failing gnutls_handshake after resetting …

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: jwexler
CC: Exim-users
Subject: Re: [exim] Outlook failing gnutls_handshake after resetting up on ubuntu 9.10
On 2010-05-01 at 11:10 +0900, jwexler@??? wrote:
> Outlook 2007 produces the following error (not exact wording):
>
> Sending of test email message: does not support the encryption type supplied
> by the server. Please change the encryption method. Contact your
> administrator...


The encryption type is not connected directly to the certificate.

There's:
* versions of SSL/TLS enabled
* ciphersuites supported for the session

With OpenSSL, I'd say { openssl ciphers }. I don't know with GnuTLS
that this command matches what Exim would see, but { gnutls-serv -l }.

For instance, if on 8.04 that would include SSL2.0, but on 9.10 it
reports:
Protocols: SSL3.0, TLS1.0, TLS1.1, TLS1.2
then this might be your problem.

Separately, Exim 4.70 onwards has the option "gnutls_compat_mode", which
makes the gnutls_session_enable_compatibility_mode() call into GnuTLS.
I don't recall which clients that call exists for, but it might be worth
turning on to experiment with. It weakens the security somewhat and I'm
not in a position to state what the impact of the changes is.

I don't know what Outlook does and does not support, but hopefully this
provides some help.

-Phil