Re: [exim] POODLE advisory from exim-announce

Author: Phil Pennock
Date:
To: exim-users
Subject: Re: [exim] POODLE advisory from exim-announce
On 2014-10-19 at 10:03 +0200, elrippo wrote:
> In my logs I can see that all clients are using TLS, but if I specify that option, exim4 "stops" taking any messages.
> Please find enclosed the output of "exim -d --version"


> Exim version 4.76 #1 built 28-Dec-2012 16:49:07


This has known security issues. You're better off updating Exim to fix
known problems than worrying about POODLE and SMTP; worry about POODLE
_after_ you get Exim up-to-date.

Your OS might have backported fixes, but that build date suggests not.

> Library version: GnuTLS: Compile: 2.12.14
>                          Runtime: 2.12.14


This is older than the GnuTLS developers support, but should still
support TLS1.0 through TLS1.2.

> > > I am running exim on Ubuntu 12.04 LTS
> > >
> > > If I define "tls_require_ciphers = NORMAL:!VERS-SSL3.0"
> > >
> > > I get an error in the log and the messages are not handled...
> > > "2014-10-18 10:07:55 TLS error on connection from (user) [151.236.xxx.xxx] (gnutls_handshake): No supported cipher suites have been found."
> > >
> > > Can you advise please?
> >
> > That client only supports SSL and doesn't support TLS?
> >
> > Failing that, we need version information to go on with, so please
> > provide the output of:
> >
> >     exim -d --version


So, how have you ruled out that this is a client limitation, with a
client which doesn't support TLS?

Which clients are you trying to use?

-Phil
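
One way to check the client-limitation question from the main log, as an added example (not part of the original message and not Exim's own tooling): it lists peers that hit the `gnutls_handshake` error and never appear with a negotiated `X=` cipher. The sample lines are constructed, and the `X=` field layout on `<=` lines is assumed to be the default main-log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim main-log style (documentation IP range);
# the handshake-error text is the one quoted in the thread.
SAMPLE_LOG = """\
2014-10-18 10:05:01 1XfQaa-0001aB-2C <= alice@example.org H=(pc1) [192.0.2.10] P=esmtps X=TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256 S=1820
2014-10-18 10:07:55 TLS error on connection from (user) [192.0.2.20] (gnutls_handshake): No supported cipher suites have been found.
2014-10-18 10:08:12 TLS error on connection from (user) [192.0.2.20] (gnutls_handshake): No supported cipher suites have been found.
2014-10-18 10:09:30 TLS error on connection from (pc3) [192.0.2.30] (gnutls_handshake): No supported cipher suites have been found.
2014-10-18 10:11:02 1XfQbb-0001cD-3E <= carol@example.org H=(pc3) [192.0.2.30] P=esmtps X=TLS1.0:RSA_AES_128_CBC_SHA1:128 S=950
"""

# Peer address is the bracketed field preceded by whitespace, which skips
# a bracketed address literal inside the (HELO) name.
HANDSHAKE_ERR = re.compile(
    r"TLS error on connection from .*?\s\[([^\]]+)\].*?\(gnutls_handshake\): (.+)$")
# Assumed layout: message-arrival lines carry X=<protocol>:<cipher>:<bits>.
TLS_ACCEPTED = re.compile(r" <= .*?\s\[([^\]]+)\].*?\sX=([^:\s]+):")


def summarize(lines):
    """Per peer: handshake error messages seen and TLS versions negotiated."""
    peers = defaultdict(lambda: {"errors": [], "versions": set()})
    for line in lines:
        m = HANDSHAKE_ERR.search(line)
        if m:
            peers[m.group(1)]["errors"].append(m.group(2).strip())
            continue
        m = TLS_ACCEPTED.search(line)
        if m:
            peers[m.group(1)]["versions"].add(m.group(2))
    return dict(peers)


def never_negotiated(peers):
    """Peers that failed the handshake and have no successful TLS session logged."""
    return sorted(ip for ip, p in peers.items()
                  if p["errors"] and not p["versions"])


if __name__ == "__main__":
    peers = summarize(SAMPLE_LOG.splitlines())
    for ip in never_negotiated(peers):
        print(ip, len(peers[ip]["errors"]), "handshake failures, no TLS session logged")
```

A peer that fails here but also shows a negotiated TLS version elsewhere in the log (192.0.2.30 in the sample) is less likely to be an SSL-only client and points at something other than a pure client limitation.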