Re: [exim] TLS problems of late

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Phil Pennock
CC: exim-users, Warren Baker
Subject: Re: [exim] TLS problems of late
On Thu, 2013-03-07 at 18:27 -0500, Phil Pennock wrote:
>
> If you get a chance, could you try running an Exim which does *not*
> disable any TLS protocols, but export into its environ at startup:
>
> OPENSSL_ia32cap=~0x200000200000000
>
> ?
>
> My knowledge of the special OpenSSL capabilities environment variables
> is limited to "they exist" and "I can probably find clues to the bits in
> the source", so the above suggestion is pure cargo-cult from the Debian
> bug.


It's disabling the AESNI instruction in newer Intel CPUs.

I'd be very interested to see the contents of /proc/cpuinfo from
machines which are having this problem. And also from those which *have*
AESNI support (grep aes /proc/cpuinfo) but don't have the problem.

Bonus points for giving me a login on an affected machine.
http://david.woodhou.se/authorized_keys {,.asc}

--
dwmw2