Author: Phil Pennock
Date:
To: Warren Baker
CC: exim-users
Subject: Re: [exim] TLS problems of late

On 2013-02-26 at 16:53 +0200, Warren Baker wrote:
> On Mon, Feb 25, 2013 at 1:00 PM, Phil Pennock <exim-users@???> wrote:
> >
> > Try adding in +no_tlsv1_1 and +no_tlsv1_2 -- if this fixes it, then it
> > looks like MS bugs around the use of TLS1.1/TLS1.2.
>
> Thanks Phil, using +no_tlsv1_1 did the job. So a setting of
> openssl_options = -all +no_tlsv1_1 is working fine and I haven't seen
> any problems for the last 12 hours or so.
> When you refer to MS bugs around the use of TLS1.1/TLS1.2 are you
> referring to MS exchange servers and Exim talking to them using TLS?

MS Exchange servers and interop with OpenSSL.

*sigh*

There's no good solution here going forward, other than to limit things
to TLS1.0 (which has had a longer history to shake loose issues) unless
and until there's a positive indication of the remote server supporting
something better and doing it right. Perhaps something in the DANE/MX
stuff.