Re: [exim] Can't read SSL key/cert, how to debug?

Top Page
Delete this message
Reply to this message
Author: Yves Goergen
Date:  
To: Jeremy Harris, exim-users
Subject: Re: [exim] Can't read SSL key/cert, how to debug?
Am 20.12.2014 um 20:46 schrieb Jeremy Harris:
> What changed? Did the Exim version get updated, did the GnuTLS version
> get updated?


Nothing I suppose. This is a completely new server setup, with the
config migrated and updated from a previous server. There were no major
package updates in the past 3 weeks.

> Possibly you've been caught by SSLv3 now being disabled by-default?


I have no idea. Actually I'd assume that Thunderbird should have current
defaults. But I did have Thunderbird+Exim TLS issues in this setup
before. I found some settings that should be changed for Thunderbird,
related to tls version or so, and I did get it to work then. But it
still worked without these changes, so I reverted them and didn't note
what it was. Now it doesn't work again.

Actually I'd prefer a setup that doesn't require the user to modify
hidden configuration settings in the MUA so that was just a quick hack
to see if that comment I found was helpful.

But if I interpret the 'openssl s_client' output correctly, exim doesn't
offer any certificate at all now. Is this is correct indication? How
else could I verify that the server can handle SSL correctly? I don't
want to test Exim and Thunderbird at the same time, that won't give me
reliable results.

--
Yves Goergen
http://unclassified.de
http://dev.unclassified.de