On Fri, Nov 06, 2015 at 03:33:24PM +0000, Jeremy Harris wrote:
> On 06/11/15 14:50, Viktor Dukhovni wrote:
> > Both appear to run Exim, the first seemingly 4.84 and the second
> > seemingly 4.80. The first MX host does not complete TLS handshakes
> > aborting mid-way. Is there a known issue of this sort in either
> > OpenSSL or GnuTLS builds of Exim 4.84, or is this some firewall
> > messing up?
>
> ... or an SSL library version issue?
Quite likely, any known GnuTLS bugs of this sort? Don't recall
anything of this ilk in OpenSSL off hand. There's not much Exim
code running mid-hashake, at most just some basic I/O marshalling.
I don't recall seeing similar connections loss before. The server
just hangs up right after the client's key exchange, change cipher
spec and finished messages. Either key agreement is failing, or
there's some network related issue.
The selected ciphersuite is:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
The server does not request client certificates, so unlikely to
hang-up for lack of same.
--
Viktor.
