Re: [exim] GnuTLS / OpenSSL interop problems

Author: Jasen Betts
Date:
To: exim-users
Subject: Re: [exim] GnuTLS / OpenSSL interop problems
On 2014-03-03, Tony Finch <dot@???> wrote:
> I have received a number of reports recently of TLS interop problems
> between Exim+OpenSSL and Exim+GnuTLS. Is anyone else seeing anything
> similar?


McAfee email firewall appliances also hate gnutls. But retrying delivery
(sometimes more than 20 times) is sufficient to get success.

> GnuTLS clients connecting to send mail see something like:
>
> 2014-02-27 15:50:14 1WJ2vo-0004Gf-4W
>     TLS error on connection to ppsw.cam.ac.uk [131.111.8.137] (recv):
>     A TLS fatal alert has been received.: Bad record MAC


Coming from the gnutls side that's what I'm seeing.

> There are some suggestions online that this might be related to GnuTLS's
> random record padding, but I thought the problems with that had been
> fixed.


I am no wiser. Except that retrying always works if done enough. This
points towards something variable.


--
Neither the pheasant plucker, nor the pheasant plucker's son.