[exim] Avoid OpenSSL 1.0.1 for Exim, for now

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: exim-users
CC: exim-dev
Subject: [exim] Avoid OpenSSL 1.0.1 for Exim, for now
Folks,

OpenSSL 1.0.1 adds support for TLS1.1 and TLS1.2. It is also not
working with Exim at present!

I've added the basics of support into the git HEAD, so the next release
should support this, but there are still some issues.

You should *NOT* move to OpenSSL 1.0.1 on a production mail-system
running Exim at this time. I hope to have this resolved by the time
Exim 4.78 comes out.

I'm currently talking with the OpenSSL developers over on the
openssl-users mailing-list, trying to figure out what's happened. I
think I've narrowed down the line of code in Exim which causes things to
go horribly wrong, but don't yet know *why* it's going wrong.

Those who are interested can follow the mail-thread at your choice of
public archives:
http://marc.info/?l=openssl-users&m=133595860707033&w=2
http://www.mail-archive.com/openssl-users@openssl.org/msg67309.html
https://groups.google.com/forum/?fromgroups#!topic/mailing.openssl.users/Qh8AmrgvRc4
http://markmail.org/search/?q=openssl-users#query:openssl-users%20list%3Aorg.openssl.openssl-users%20%20+mid:2todyitmfu4ilwnr+state:results
Subject: OpenSSL 1.0.1b: TLS disabling, renegotiation, etc

Thanks,
-Phil