[exim] [SOLVED] GnuTLS New Cert vs old(?) Libs

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: Exim-users
Subject: [exim] [SOLVED] GnuTLS New Cert vs old(?) Libs
Heiko Schlittermann <hs@???> (Mi 21 Dez 2016 10:45:24 CET):
> Hello,
>
> some SSL experts around? I got a "legacy" Exim (4.80), linked with GNUTLS
> libgnutls.so.26 => /usr/lib/i386-linux-gnu/libgnutls.so.26, and installed new
> certificates. Now we got connection problems.
>
> A `nmap --script ssl-enum-ciphers -p T25 ...` shows:
>
>     25/tcp open  smtp
>     | ssl-enum-ciphers: 
>     |   TLSv1.1: 
>     |     ciphers: 
>     |       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
>     |       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
>     |     compressors: 
>     | 


Solved. Wrong certfile was installed (only the chain certs instead of
the cert + chaincerts).

My own stupidity.
Thank you.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -