Autor: David Woodhouse Data: A: Phil Pennock CC: exim-users, Warren Baker Assumpte: Re: [exim] TLS problems of late
On Tue, 2013-02-26 at 22:23 -0500, Phil Pennock wrote: >
> > When you refer to MS bugs around the use of TLS1.1/TLS1.2 are you
> > referring to MS exchange servers and Exim talking to them using TLS?
>
> MS Exchange servers and interop with OpenSSL.
>
> *sigh*
>
> There's no good solution here going forward, other than to limit things
> to TLS1.0 (which has had a longer history to shake loose issues) unless
> and until there's a positive indication of the remote server supporting
> something better and doing it right. Perhaps something in the DANE/MX
> stuff.
Do you have a reference for the specific problem, and the name of a
publicly accessible Exchange server which manifests it?
I'm assuming it's a Microsoft bug? Has anyone looked at making OpenSSL
detect/work around it? What about GnuTLS?