On Thu, 2013-03-07 at 18:27 -0500, Phil Pennock wrote:
>
> If you get a chance, could you try running an Exim which does *not*
> disable any TLS protocols, but export into its environ at startup:
>
> OPENSSL_ia32cap=~0x200000200000000
>
> ?
>
> My knowledge of the special OpenSSL capabilities environment variables
> is limited to "they exist" and "I can probably find clues to the bits in
> the source", so the above suggestion is pure cargo-cult from the Debian
> bug.
It's disabling the AESNI instruction in newer Intel CPUs.
I'd be very interested to see the contents of /proc/cpuinfo from
machines which are having this problem. And also from those which *have*
AESNI support (grep aes /proc/cpuinfo) but don't have the problem.
Bonus points for giving me a login on an affected machine.
http://david.woodhou.se/authorized_keys {,.asc}
--
dwmw2