Re: [exim] Exim + grsecurity + ssl = dos

Top Page
This message is part of the following thread:
M-+\the complete thread tree sorted by date
M\MMJeremy Harris at <-
MM.MSamuel at ->
Delete this message
Reply to this message
Author: Samuel
Date:  
To: exim-users
Subject: Re: [exim] Exim + grsecurity + ssl = dos

Le 01/06/2016 à 11:14, Renaud Allard a écrit :
>
> On 05/31/2016 07:44 PM, Samuel wrote:
>> Hi,
>>
>> Last night, Exim stoped working for few seconds (no response) and I see
>> a strange things in my logs :
>>
>> /var/log/exim4/mainlog :
>>
>> 2016-05-31 05:55:44 TLS error on connection from
>> researchscan258.eecs.XXXX.edu (eecs.XXXX.edu) [1XX.212.XXX.3]
>> (gnutls_handshake): Could not negotiate a supported cipher suite.
>> 2016-05-31 05:55:44 H=researchscan258.eecs.XXXX.edu (eecs.XXXX.edu)
>> [1XX.212.XXX.3] Warning: erreur : tls-failed
>>
>> So if I understand well, A special craft ssl request can cause DOS on
>> Exim on Grsecurity kernel ?
>>
>> This is the first time I see this logs.
>>
>> What can I do to stop this ?
> Easy way: disable CONFIG_GRKERNSEC_BRUTE in your kernel

I would like to avoid disable it if possible ...

> Harder way: enable signal logging to see what triggers the bruteforce
> prevention.

It seems to be yet enable, but can't find where logs are ...

cat /proc/sys/kernel/grsecurity/signal_logging
1

Thanks for your help.

Samuel.

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Exim + grsecurity + ssl = dosRe: [exim] Exim + grsecurity + ssl = dos->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)