On 2013-11-08 at 09:34 -0800, Marc MERLIN wrote:
> Against my own server I get:
> 09:15:27 31428 SMTP<< 220 TLS go ahead
> 09:15:27 31428 initialising GnuTLS as a client on fd 7
> 09:15:27 31428 GnuTLS global init required.
> 09:15:27 31428 initialising GnuTLS client session
> 09:15:27 31428 Expanding various TLS configuration options for session credentials.
> 09:15:27 31428 TLS: no client certificate specified; okay
> 09:15:27 31428 TLS: tls_verify_certificates not set or empty, ignoring
> 09:15:27 31428 GnuTLS using default session cipher/priority "NORMAL"
> 09:15:27 31428 Setting D-H prime minimum acceptable bits to 1024
> 09:15:27 31428 TLS: server certificate verification not required
> 09:15:27 31428 LOG: MAIN
> 09:15:27 31428 TLS error on connection to 209.81.13.136 [209.81.13.136] (gnutls_handshake): A TLS packet with unexpected length was received.
> 09:15:27 31428 ok=0 send_quit=0 send_rset=1 continue_more=0 yield=1 first_address is not NULL
>
> If you'd like to poke at it, that's 209.81.13.136 port 587
Found it. Your self-signed cert is using MD5. "md5WithRSAEncryption".
Used openssl s_client, -tls1, to grab the cert, ran through openssl x509
to convert, and:
----------------------------8< cut here >8------------------------------
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=California, L=Silicon Valley, O=Linux Geeks Incorporated, OU=merlins.org, CN=Marc MERLIN/emailAddress=marc_cert@???
Validity
Not Before: Aug 18 22:36:10 2002 GMT
[...]
----------------------------8< cut here >8------------------------------
Per the Exim README.UPDATING notes around GnuTLS changes in 4.80:
----------------------------8< cut here >8------------------------------
Note that by default, GnuTLS will not accept RSA-MD5 signatures in chains.
A tls_require_ciphers value of NORMAL:%VERIFY_ALLOW_SIGN_RSA_MD5 may
re-enable support, but this is not supported by the Exim maintainers.
Our test suite no longer includes MD5-based certificates.
----------------------------8< cut here >8------------------------------
In more detail: Exim used to use very low-level controlling primitives
for GnuTLS, in what is now a deprecated API, because Exim was one of the
first applications to use that library and the support for better
control by GnuTLS itself wasn't there. So Exim continued to
force-enable MD5 long past its best-before date. When we switched to
GnuTLS's higher-level API, we got significantly expanded ciphersuite
support, more sophisticated controls, and lost MD5 being silently
supported. I decided to regard this as a feature, and documented it,
instead of fighting it.
-Phil
