Re: [exim] TLS error on connection

Top Page
Delete this message
Reply to this message
Author: Gary Stainburn
Date:  
To: exim-users
Subject: Re: [exim] TLS error on connection
On Thursday 27 August 2015 17:54:30 Viktor Dukhovni wrote:
> On Thu, Aug 27, 2015 at 05:22:16PM +0100, Gary Stainburn wrote:
> > Is there a simple way for a simple admin like me to get round this
> > problem?
>
> Do you have a /dev/urandom? Is Exim linked with OpenSSL or GnuTLS?
>
> I would expect OpenSSL to internally use /dev/urandom by default.
>
> I don't know whether Exim explicitly uses /dev/random in some
> configurations that include your server setup. Postfix explicitly
> seeds the OpenSSL PRNG from /dev/urandom by default.
>
>     http://www.postfix.org/postconf.5.html#tls_random_source

>
> --
>     Viktor.


AFAIK I haven't changed anything that would affect this in the configs that
I've merged from the old server. I've had a look but can't find anything.

Here is what I see on my server. Regarding what EXIM is linked against, I
have used the standard RPMs as installed.

In case my config file has affected this, I've posted a sanitised version of
it at:

http://www.stainburn.com/exim_tidy.conf

[root@ollie2 ~]# ll /dev/*random
crw-rw-rw- 1 root root 1, 8 Aug 26 09:35 /dev/random
crw-rw-rw- 1 root root 1, 9 Aug 26 09:35 /dev/urandom
[root@ollie2 ~]# rpm -qa|grep -i ssl
pyOpenSSL-0.13.1-3.el7.x86_64
perl-Net-SSLeay-1.55-3.el7.x86_64
perl-IO-Socket-SSL-1.94-3.el7.noarch
openssl-libs-1.0.1e-42.el7.9.i686
python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch
perl-Crypt-OpenSSL-Bignum-0.04-18.el7.x86_64
perl-Net-SMTP-SSL-1.01-13.el7.noarch
perl-Crypt-OpenSSL-Random-0.04-21.el7.x86_64
perl-Crypt-OpenSSL-RSA-0.28-7.el7.x86_64
openssl-1.0.1e-42.el7.9.x86_64
openssl-libs-1.0.1e-42.el7.9.x86_64
[root@ollie2 ~]# rpm -qa|grep -i tls
gnutls-3.3.8-12.el7_1.1.x86_64
[root@ollie2 ~]#




--
Gary Stainburn
Group I.T. Manager
Ringways Garages
http://www.ringways.co.uk