Re: [exim-dev] [exim] Exim 4.80 RC7 uploaded

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: Phil Pennock, exim-dev
Subject: Re: [exim-dev] [exim] Exim 4.80 RC7 uploaded
Yes - setting it at connect time. It's definitely set. Thus I'm confused.

On 5/29/2012 6:19 AM, Phil Pennock wrote:
> I have uploaded Exim 4.80 RC7 to:
>          ftp://ftp.exim.org/pub/exim/exim4/test/

>
> There have been no bug-fixes since the last release! It appears we're
> getting very close. (Okay, typos in comments are bugs, I suppose).
>
> Unfortunately, I realised that one change which was supposed to be in
> the new release was sitting in a non-integrated branch. This is my
> fault entirely. It's a very trivial *code* change, so I'm confident in
> the code, but it is a change, so a new RC.
>
> We now disable SSLv2 by default, for OpenSSL. GnuTLS does not support
> SSLv2 (and never has), so this only affects OpenSSL. This brings us
> into compliance with RFC 6176 and improves the default security of the
> install by finally getting rid of the possibility of a bunch of attacks
> fixed many years ago in SSLv3. Some informal surveys I did suggested
> that there is *no* SSLv2 used for talking SMTP any more.
>
> If you grep your logs for "X=SSLv2:" and find something, you may wish to
> override the default (and work hard to fix the affected broken client,
> as OpenSSL is edging closer to dropping support for SSLv2; it's already
> a build option).
>
> Kurt Jaeger wrote a script for analysing Exim logs to report a breakdown
> of SSL/TLS protocols/ciphers in use, which may help reassure the nervous:
>    http://opsec.eu/src/tlstype

>
> Other than this feature, almost all reports are coming back that RC6
> works great. There's one complaint, so far singularly lacking in
> credible detail, so I'm going to hold a couple of days longer, just in
> case anything comes of that. I currently expect to release Exim 4.80
> this coming Thursday.
>
> Thank you for your patience with this stream of Release Candidates. I
> opened a large can of worms by delving into the SSL/TLS support; it
> needed to be opened, but that hasn't made the resulting situation
> pleasant.
>
>
> The ChangeLog/NewStuff/README.UPDATING can be reviewed at:
>
>    http://git.exim.org/exim.git/blob/exim-4_80_RC6:/src/README.UPDATING
>    http://git.exim.org/exim.git/blob/exim-4_80_RC6:/doc/doc-txt/NewStuff
>    http://git.exim.org/exim.git/blob/exim-4_80_RC6:/doc/doc-txt/ChangeLog

>
> The files are signed with the PGP key 0x3903637F, which has a uid
> "Phil Pennock<pdp@???>". Please use your own discretion in
> assessing what trust paths you might have to this uid.
>
> Checksums below. Detached PGP signatures in .asc files are available
> alongside the tarballs.
>
> Please report issues in reply to this email, on exim-users.
>
> Thank you for your testing and feedback,
> -Phil Pennock, pp The Exim Maintainers.
>
> SHA256(exim-4.80_RC7.tar.bz2)= 4a0127158e7be3b45dd72f827298cd334dfaedf5f0602eba64aaf45d9764ddd2
> SHA256(exim-4.80_RC7.tar.gz)= dc765d480fe3d208703fbb4fbc12bbe25caec8e6777f411c370a62cc68d6a631
> SHA256(exim-html-4.80_RC7.tar.bz2)= d02a7ca2ec1e4bba51f9c53eea8475418a9424cb0804d7c714257d6e3fddd1f4
> SHA256(exim-html-4.80_RC7.tar.gz)= c792bc6f54b4c1a0a14f7d12a1c1ed0b67725f33ffb78d0ab72379241fc9188d
> SHA256(exim-pdf-4.80_RC7.tar.bz2)= 4ecb5081b8a58ddbb8e85fe195e6fbc3837f42faa99e20cdec6787489e46b9ea
> SHA256(exim-pdf-4.80_RC7.tar.gz)= fac1df49945a8c6ad398e4408eb4cb2511673230eb0a805100c4da7304f42b11
> SHA256(exim-postscript-4.80_RC7.tar.bz2)= 07ca522ff96e27460263d31a6135c05478faa94a5e6770c0793f654c9e6abfff
> SHA256(exim-postscript-4.80_RC7.tar.gz)= 32195c294b33b6b064a07ee621f7b4aedbdd6b4047d822d710b697492377fb48
>
> SHA1(exim-4.80_RC7.tar.bz2)= 3744586866919182965300b1512bc02032c0df48
> SHA1(exim-4.80_RC7.tar.gz)= 122e63902cc60be6c711745f8da8a66f804d8173
> SHA1(exim-html-4.80_RC7.tar.bz2)= fe38c63ed195cd43a359f4c795c600ee7e092c2e
> SHA1(exim-html-4.80_RC7.tar.gz)= 6d25c728ef62f5aba9df0792e3a9a02ddbb51389
> SHA1(exim-pdf-4.80_RC7.tar.bz2)= 84a32228ba455401b301789722bc5f3f47fe1826
> SHA1(exim-pdf-4.80_RC7.tar.gz)= 24aa09cd6e8b1043255cf2e8a28eb7209bf0d8f6
> SHA1(exim-postscript-4.80_RC7.tar.bz2)= 7ec04c2bf5bad769433fa1e4a175ce5cad2f2b77
> SHA1(exim-postscript-4.80_RC7.tar.gz)= c22b6552ecfb5fa2d14aa625395cc2dfd942122b
>
>
>