Re: [exim] TLS error when configuring exim for STARTTLS

Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] TLS error when configuring exim for STARTTLS
On Sun, Mar 22, 2015 at 08:59:39AM +0000, Jeremy Harris wrote:

> On 19/03/15 01:09, Tom Vernon wrote:
> >2015-03-19 00:04:02 TLS error on connection from (ME) [xx.xx.xx.xx]
> >(SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
> >protocol
>
> Sounds like an ssl protocol version issue.


Almost always, "unknown protocol" means that the data received was
not a TLS client HELLO at all, but rather some cleartext or other
data that is not a TLS handshake (in some rare cases a malformed
TLS record-layer packet due to implementation bugs).

From ssl/s23_srvr.c:


    if ((type < 1) || (type > 3)) {
        /* bad, very bad */
        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
        goto err;
    }


The point of the code sample is that the protocol is not any
plausible SSL/TLS version that's ever been defined.

-- 
    Viktor.
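
The distinction drawn in this message, as an added example that is not part of the original post and not OpenSSL's code: a simplified classifier for the first bytes a server receives where it expects a ClientHello. The function and enum names are hypothetical, and the sample byte strings are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Added example: simplified first-bytes check, not taken from OpenSSL. */
enum first_bytes {
    FB_TOO_SHORT,   /* fewer than 6 bytes: cannot decide yet */
    FB_TLS_RECORD,  /* SSLv3/TLS handshake record carrying a ClientHello */
    FB_SSLV2_HELLO, /* SSLv2-format ClientHello */
    FB_CLEARTEXT,   /* printable ASCII, e.g. a cleartext SMTP command */
    FB_OTHER        /* binary data that is not a recognisable hello */
};

enum first_bytes classify_first_bytes(const unsigned char *p, size_t len)
{
    size_t i;

    if (len < 6)
        return FB_TOO_SHORT;
    /* Record layer: content type 0x16 (handshake), major version 3,
       handshake message type 0x01 (ClientHello) at offset 5. */
    if (p[0] == 0x16 && p[1] == 0x03 && p[5] == 0x01)
        return FB_TLS_RECORD;
    /* SSLv2 framing: high bit set in the 2-byte length,
       message type 0x01 (ClientHello) at offset 2. */
    if ((p[0] & 0x80) && p[2] == 0x01)
        return FB_SSLV2_HELLO;
    /* Not a hello in either framing: tell text from binary to aid diagnosis. */
    for (i = 0; i < len; i++)
        if (!isprint(p[i]) && p[i] != '\r' && p[i] != '\n')
            return FB_OTHER;
    return FB_CLEARTEXT;
}

/* Constructed sample inputs (not captured traffic). */
static const unsigned char sample_tls[]  = {0x16,0x03,0x01,0x00,0x2f,0x01,0x00,0x00,0x2b,0x03,0x03};
static const unsigned char sample_v2[]   = {0x80,0x2e,0x01,0x03,0x01,0x00,0x15};
static const unsigned char sample_smtp[] = "EHLO mail.example.org\r\n";
static const unsigned char sample_junk[] = {0x00,0x01,0x02,0x03,0x04,0x05,0x06};

int main(void)
{
    printf("tls  -> %d\n", classify_first_bytes(sample_tls, sizeof sample_tls));
    printf("v2   -> %d\n", classify_first_bytes(sample_v2, sizeof sample_v2));
    printf("smtp -> %d\n", classify_first_bytes(sample_smtp, sizeof sample_smtp - 1));
    printf("junk -> %d\n", classify_first_bytes(sample_junk, sizeof sample_junk));
    return 0;
}
```

Only the first two samples would reach version negotiation; the cleartext and binary samples are the kind of input the message describes as not being a TLS handshake at all.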