Re: [exim] TLS problems of late

Author: Warren Baker
Date:  
To: exim-users
Subject: Re: [exim] TLS problems of late
On Fri, Mar 8, 2013 at 1:27 AM, Phil Pennock <pdp@???> wrote:

>
> Might not be MS.
>
> It looks like OpenSSL's AES-NI problems may be ongoing, and there's a
> Debian bug which looks suspiciously similar, and has led to an
> openssl-dev discussion:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678353#10
>
> If you get a chance, could you try running an Exim which does *not*
> disable any TLS protocols, but export into its environ at startup:
>
> OPENSSL_ia32cap=~0x200000200000000
>
> ?
>
>


Apologies for the delay in responding. This doesn't make any difference.
The CPU I am using is not AESNI capable, not sure what the remote side is
like.

CPU Features:

Intel(R) Xeon(R) CPU E5504 @ 2.00GHz (1995.01-MHz K8-class CPU) Origin =
"GenuineIntel" Id = 0x106a5 Family = 6 Model = 1a Stepping = 5
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x9ce3bd<SSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,SSE4.2,POPCNT>

I have tested against an Exim 4.80 host and a Postfix host with the same
results.
I see this thread, https://bugzilla.redhat.com/show_bug.cgi?id=918981,
suggests that exporting the above environ for his AESNI enabled CPU fixed
his problem.



> My knowledge of the special OpenSSL capabilities environment variables
> is limited to "they exist" and "I can probably find clues to the bits in
> the source", so the above suggestion is pure cargo-cult from the Debian
> bug.
>
> If you can manage to make things not-fail with just that environment
> variable, or want to help more generally, then you might look at:
>
> http://rt.openssl.org/Ticket/Display.html?id=3002
> login: guest/guest
>
> and perhaps comment on the openssl-dev mailing-list if you're prepared
> to help diagnose more about what's happening?
>



Sure, I'll look into it tomorrow. Thanks for your time on this issue, Phil.


--
.warren
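
Added example, not part of the original message and not Exim or OpenSSL code: a decoder for the OPENSSL_ia32cap value quoted above, checked against the Features2 word from the posted CPU line. It assumes OpenSSL's x86 layout, in which bits 32-63 of the capability vector mirror CPUID.1:ECX; the function names and the second, AES-NI-capable ECX value are constructed for illustration.

```python
# Added example. OpenSSL x86 capability vector: bits 0-31 mirror CPUID.1:EDX,
# bits 32-63 mirror CPUID.1:ECX (the word FreeBSD prints as "Features2").
ECX_FLAGS = {1: "PCLMULQDQ", 25: "AES-NI"}  # only the bits relevant to this thread


def parse_ia32cap(value):
    """Split an OPENSSL_ia32cap value into (mode, mask).

    A leading '~' means "clear these bits from the detected vector";
    without it the value overrides the detected vector.
    Only the first 64-bit word is handled (no ':' extension).
    """
    value = value.strip()
    if value.startswith("~"):
        return "clear", int(value[1:], 0)
    return "override", int(value, 0)


def ecx_features_in_mask(mask):
    """Names of the known CPUID.1:ECX features selected by a 64-bit mask."""
    ecx = (mask >> 32) & 0xFFFFFFFF
    return sorted(n for bit, n in ECX_FLAGS.items() if ecx & (1 << bit))


def disabled_on_cpu(features2, ia32cap):
    """Features that a '~mask' setting would actually switch off on this CPU."""
    mode, mask = parse_ia32cap(ia32cap)
    if mode != "clear":
        raise ValueError("only the '~mask' form is analysed here")
    ecx_mask = (mask >> 32) & 0xFFFFFFFF
    return sorted(n for bit, n in ECX_FLAGS.items()
                  if ecx_mask & features2 & (1 << bit))


SETTING = "~0x200000200000000"        # value quoted in the message
E5504_FEATURES2 = 0x9CE3BD            # Features2 from the posted CPU line
# Constructed value: the same word with the AES-NI and PCLMULQDQ bits set.
AESNI_FEATURES2 = E5504_FEATURES2 | (1 << 25) | (1 << 1)

if __name__ == "__main__":
    print("mask selects:", ecx_features_in_mask(parse_ia32cap(SETTING)[1]))
    print("E5504 loses:", disabled_on_cpu(E5504_FEATURES2, SETTING))
    print("AES-NI CPU loses:", disabled_on_cpu(AESNI_FEATURES2, SETTING))
```

On the posted Features2 word the mask has nothing to clear, so the setting leaves OpenSSL's code-path selection unchanged for those two instruction sets on that host.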