[exim-dev] [Bug 1455] tls_out_cipher or tls_cipher is empty

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Andreas Metzler
Datum:  
To: exim-dev
Alte Treads: [exim-dev] [Bug 1455] New: tls_out_cipher is empty
Betreff: [exim-dev] [Bug 1455] tls_out_cipher or tls_cipher is empty
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1455




--- Comment #9 from Andreas Metzler <eximusers@???> 2014-04-20 14:20:18 ---
On 2014-04-20 Jeremy Harris <jgh@???> wrote:
> On 20/04/14 07:46, Andreas Metzler wrote:
> >On the outgoing connection $tls_cipher expands to the same content as
> >$tls_out_cipher which is expected and wanted. However there is also an
> >unwanted change: tls_out_cipher is suddenly *nonempty*, it has gone
> >persistant, recording the tls-information as of message receipt.


> To clarify, you're seeing tls_out_cipher non-empty during a non-tls
> outbound transport?


Hello.
I see clarification is dearly needed, there was typo, sorry.
------------------------
On the outgoing connection $tls_cipher expands to the same content as
$tls_out_cipher which is expected and wanted. However there is also an
unwanted change: tls_in_cipher is suddenly *nonempty*, it has gone
                     ^^
persistant, recording the tls-information as of message receipt:
------------------------


Let me illustrate this.
Without patch:
X-TLS-info-rcpt: [tls_out_cipher  ] [tls_in_cipher
        TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 ] [tls_cipher
        TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 ]
X-TLS-info-out: [tls_out_cipher TLS1.2:RSA_AES_128_CBC_SHA1:128 ]
        [tls_in_cipher  ] [tls_cipher  ]


With patch:
X-TLS-info-rcpt: [tls_out_cipher  ] [tls_in_cipher
        TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 ] [tls_cipher
        TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 ]
X-TLS-info-out: [tls_out_cipher TLS1.2:RSA_AES_128_CBC_SHA1:128 ]
        [tls_in_cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 ] [tls_cipher
        TLS1.2:RSA_AES_128_CBC_SHA1:128 ]


I am not doing callouts or something like this, so afaiui
tls_in_cipher should be empty in X-TLS-info-out.

cu Andreas


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email