Re: [exim-dev] 4.80 final?

Author: Phil Pennock
Date:  
To: Wolfgang Breyha
CC: exim-dev, Jeremy Harris
Subject: Re: [exim-dev] 4.80 final?
On 2012-05-27 at 00:31 +0200, Wolfgang Breyha wrote:
> On 2012-05-26 23:25, Jeremy Harris wrote:
> >
> > Could you try applying this patch and reporting the results?
>
> I can confirm that the patch fixes the openssl s_client issue. I'm able to
> connect and negotiate a TLS session.
>
> The gnutls-cli and the thunderbird issue stays.
>
> In case of thunderbird (compiled against the same openssl 1.0.0i libs) I
> see exim logging the "A TLS packet with unexpected length was received."
> message.
>
> I also tried cyrus smtptest using the same libraries... and it works.


For clarity, you're saying:
* everything works using OpenSSL as Exim's TLS provider
* problems with GnuTLS as Exim's TLS provider
* no problem with openssl s_client against Exim/GnuTLS
* problem with gnutls-cli and thunderbird against Exim/GnuTLS

Are you using an MD5-based self-signed certificate? Remember that
GnuTLS no longer supports MD5 in certificates, since they've been proven
to be broken in real world practical attacks.

If not, does Exim 4.77 built against the same GnuTLS library work?

If it does not work in Exim 4.77 then there has been no regression and
there's a problem with how GnuTLS was built on your system.

If it is MD5 as a cause, I welcome a code suggestion for detecting this
and providing better diagnostics.

-Phil
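
One possible shape for the MD5 check requested above, as an added example that is not part of the original message and is not Exim or GnuTLS code: a standalone DER walk that reads the outer `signatureAlgorithm` OID of an X.509 certificate and flags `md5WithRSAEncryption`. The function names and the two sample byte arrays are constructed for illustration, and it assumes the caller has already decoded the PEM file to DER.

```c
#include <stddef.h>
#include <string.h>

/* Constructed skeletons (not real certificates): stub tbsCertificate,
 * signatureAlgorithm, stub signature BIT STRING. Only the OID's last byte differs. */
const unsigned char sample_md5[] = {
    0x30,0x18, 0x30,0x03,0x02,0x01,0x02,
    0x30,0x0D, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04, 0x05,0x00,
    0x03,0x02,0x00,0x00 };
const unsigned char sample_sha256[] = {
    0x30,0x18, 0x30,0x03,0x02,0x01,0x02,
    0x30,0x0D, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B, 0x05,0x00,
    0x03,0x02,0x00,0x00 };

/* Read one DER tag/length header; advance *p to the content. 0 = ok, -1 = malformed. */
static int der_header(const unsigned char **p, const unsigned char *end,
                      unsigned char *tag, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    *tag = *q++;
    size_t l = *q++;
    if (l & 0x80) {                       /* long-form length */
        size_t n = l & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - q) < n) return -1;
        for (l = 0; n--; ) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1; /* content must fit in the buffer */
    *len = l; *p = q;
    return 0;
}

/* 1 = md5WithRSAEncryption (1.2.840.113549.1.1.4), 0 = other, -1 = unparseable. */
int cert_sig_is_md5(const unsigned char *der, size_t der_len)
{
    static const unsigned char md5_rsa[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04};
    const unsigned char *p = der, *end = der + der_len;
    unsigned char tag; size_t len;
    if (der_header(&p, end, &tag, &len) || tag != 0x30) return -1; /* Certificate */
    end = p + len;
    if (der_header(&p, end, &tag, &len) || tag != 0x30) return -1; /* tbsCertificate */
    p += len;                                                      /* skip its body */
    if (der_header(&p, end, &tag, &len) || tag != 0x30) return -1; /* signatureAlgorithm */
    if (der_header(&p, end, &tag, &len) || tag != 0x06) return -1; /* algorithm OID */
    return len == sizeof md5_rsa && memcmp(p, md5_rsa, len) == 0;
}
```

A return of 1 at certificate load time would let the server log that the configured certificate uses an MD5 signature, instead of leaving the operator with only the handshake-time "unexpected length" message.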