[exim-dev] [Bug 1455] tls_out_cipher or tls_cipher is empty

Author: Andreas Metzler
Date:  
To: exim-dev
Old-Topics: [exim-dev] [Bug 1455] New: tls_out_cipher is empty
Subject: [exim-dev] [Bug 1455] tls_out_cipher or tls_cipher is empty

http://bugs.exim.org/show_bug.cgi?id=1455




--- Comment #4 from Andreas Metzler <eximusers@???> 2014-04-05 13:44:32 ---
I am pretty much aware that I seem to be talking with myself here, but let's
ask anyway: Is it really ok that exim 4.82 broke compatibility with
configuration files for < 4.82, and is it ok that this was not even documented?

Quoting expand.c:
/* The non-(in,out) variables are now deprecated */
[...]
{ "tls_cipher",          vtype_stringptr,   &tls_in.cipher },
---------------------------------------------------------------


Which I understand to say that the meaning of the $tls_cipher expansion was
changed to be an alias for tls_in_cipher (instead of the merge of in and out)
and is therefore only filled on incoming connections.

This broke real-world configurations, especially the common

public_name = PLAIN
# do not send plaintext passwords on unencrypted connections.
client_condition = ${if !eq {$tls_out_cipher}{}}

spec.xfpt still says otherwise:
"The deprecated &$tls_cipher$& variable is the same as &$tls_in_cipher$& during
message reception, but in the context of an outward SMTP delivery taking place
via the &(smtp)& transport becomes the same as &$tls_out_cipher$&."


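
An added example, not part of the original message or of Exim's own code: a small Python check that finds $tls_cipher in options evaluated on outgoing connections, the case the comment above reports as empty since 4.82, and suggests $tls_out_cipher in its place. The sample configuration is constructed, and treating every option in the transports section plus client_* authenticator options as outbound context is an assumption of this example.

```python
import re

# Constructed sample configuration (not from the bug report); "\\" is one backslash.
SAMPLE_CONFIG = """\
begin acl
acl_check_rcpt:
  warn condition = ${if eq{$tls_cipher}{}}
begin transports
remote_smtp:
  driver = smtp
  headers_add = X-Out-Cipher: ${tls_cipher}
begin authenticators
plain_client:
  driver = plaintext
  public_name = PLAIN
  # $tls_cipher in a comment is ignored
  client_condition = ${if !eq \\
      {$tls_cipher}{}}
  server_condition = ${if eq{$tls_cipher}{}{no}{yes}}
"""

# Matches $tls_cipher and ${tls_cipher}, not $tls_in_cipher or $tls_out_cipher.
DEPRECATED = re.compile(r"(\$\{?)tls_cipher\b")

def logical_lines(text):
    """Yield (first_line_no, text): comments dropped, backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf, start = "", None

def outbound_uses(text):
    """Return (line_no, option, suggested_line) for $tls_cipher in client-side options."""
    section, hits = "main", []
    for no, line in logical_lines(text):
        begin = re.fullmatch(r"begin\s+(\w+)", line)
        if begin:
            section = begin.group(1)
        elif DEPRECATED.search(line):
            option = line.split("=", 1)[0].strip()
            # Assumption: transports and client_* authenticator options run outbound.
            if section == "transports" or (
                    section == "authenticators" and option.startswith("client_")):
                hits.append((no, option, DEPRECATED.sub(r"\1tls_out_cipher", line)))
    return hits
```

Uses in ACLs and in server_* options are left alone, since there the deprecated name still resolves to the inbound value.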