Author: Phil Pennock Date: To: jwexler CC: Exim-users Subject: Re: [exim] Outlook failing gnutls_handshake after resetting up on
ubuntu 9.10
On 2010-05-01 at 11:10 +0900, jwexler@??? wrote: > Outlook 2007 produces the following error (not exact wording):
>
> Sending of test email message: does not support the encryption type supplied
> by the server. Please change the encryption method. Contact your
> administrator...
The encryption type is not connected directly to the certificate.
There's:
* versions of SSL/TLS enabled
* ciphersuites supported for the session
With OpenSSL, I'd say { openssl ciphers }. I don't know with GnuTLS
that this command matches what Exim would see, but { gnutls-serv -l }.
For instance, if on 8.04 that would include SSL2.0, but on 9.10 it
reports:
Protocols: SSL3.0, TLS1.0, TLS1.1, TLS1.2
then this might be your problem.
Separately, Exim 4.70 onwards has the option "gnutls_compat_mode", which
makes the gnutls_session_enable_compatibility_mode() call into GnuTLS.
I don't recall which clients that call exists for, but it might be worth
turning on to experiment with. It weakens the security somewhat and I'm
not in a position to state what the impact of the changes is.
I don't know what Outlook does and does not support, but hopefully this
provides some help.
