[exim-dev] [Bug 2255] TLS/SSL issue after upgrading to 4.90

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2255] TLS/SSL issue after upgrading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255

tomputer <exim@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |exim@???


--- Comment #6 from tomputer <exim@???> ---
Hi,

We are also experiencing the same problem after upgrading from 4.89 to 4.90.

Software versions are:
- Microsoft Outlook 2016 MSO (16.0.9029.2106)
- Exim version 4.90_1

The workaround with different server names for incoming and outgoing servers
works. It looks like the client caches something (TLS session?) for the server
name, either from the incoming or outgoing connection.

We are not able to reproduce this with Swaks (Debian) or Apple Mail (macOS and
iOS) so it may be a Windows/Outlook specific issue.

Exim debug log (real names and IPs are masked):
9919 SMTP>> 250-server.example.com Hello customer.direct-adsl.nl [11.11.11.11]
9919 250-SIZE 52428800
9919 250-8BITMIME
9919 250-PIPELINING
9919 250-AUTH PLAIN LOGIN
9919 250-STARTTLS
9919 250 HELP
9919 SMTP<< STARTTLS
9919 openssl option, adding from 1104000: 1000000 (no_sslv2 +no_sslv3)
9919 openssl option, adding from 1104000: 2000000 (no_sslv3)
9919 setting SSL CTX options: 0x3104000
9919 Diffie-Hellman initialized from default with 2048-bit prime
9919 ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding "auto" with "prime256v1"
9919 ECDH: curve 'prime256v1'
9919 ECDH: enabled 'prime256v1' curve
9919 tls_certificate file /etc/exim.pem
9919 tls_privatekey file /etc/exim.pem
9919 Initialized TLS
9919 required ciphers: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-$
9919 host in tls_verify_hosts? no (option unset)
9919 host in tls_try_verify_hosts? no (option unset)
9919 SMTP>> 220 TLS go ahead
9919 Calling SSL_accept
9919 SSL info: before/accept initialization
9919 SSL info: before/accept initialization
9919 Received TLS SNI "server.example.com" (unused for certificate selection)
9919 SSL info: SSLv3 read client hello A
9919 SSL info: SSLv3 write server hello A
9919 SSL info: SSLv3 write certificate A
9919 SSL info: SSLv3 write server done A
9919 SSL info: SSLv3 flush data
9919 SSL info: SSLv3 read client certificate A
9919 LOG: MAIN
9919 TLS error on connection from customer.direct-adsl.nl (PC) [11.11.11.11] (SSL_accept): error:00000000:lib(0):func(0):reason(0)
9919 TLS failed to start
9919 LOG: smtp_connection MAIN
9919 SMTP connection from customer.direct-adsl.nl (PC) [11.11.11.11] closed by EOF
9919 search_tidyup called
9919 SMTP>>(close on process exit)

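A triage sketch for debug output like the excerpt above, added here as an example and not part of the original comment or of Exim: it rejoins mail-wrapped lines, then reports for each failed handshake the peer, the SNI, the last OpenSSL state logged and whether the error code was all zeros. The sample input is constructed from the format shown above, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the debug excerpt above (names masked as on the page).
SAMPLE = """\
9919 SMTP>> 220 TLS go ahead
9919 Calling SSL_accept
9919 Received TLS SNI "server.example.com" (unused for certificate selection)
9919 SSL info: SSLv3 read client hello A
9919 SSL info: SSLv3 write server done A
9919 SSL info: SSLv3 read client certificate A
9919 TLS error on connection from customer.direct-adsl.nl (PC) [11.11.11.11]
(SSL_accept): error:00000000:lib(0):func(0):reason(0)
9919 TLS failed to start
9919 SMTP connection from customer.direct-adsl.nl (PC) [11.11.11.11] closed
by EOF
"""

PID_LINE = re.compile(r"^(\d+) (.*)$")
TLS_ERR = re.compile(r"TLS error on connection from (\S+).*\[([^\]]+)\].*"
                     r"\((\w+)\): error:([0-9A-Fa-f]{8})")

def unwrap(text):
    """Join wrapped lines onto the previous record (assumes every real record starts with a PID)."""
    records = []
    for line in text.splitlines():
        m = PID_LINE.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()
    return records

def failed_handshakes(text):
    """Return one dict per TLS error: peer, SNI, last handshake state, error code."""
    state, findings = {}, []
    for pid, msg in unwrap(text):
        conn = state.setdefault(pid, {"sni": None, "last_state": None})
        if msg.startswith("Received TLS SNI"):
            conn["sni"] = msg.split('"')[1]
        elif msg.startswith("SSL info: "):
            conn["last_state"] = msg[len("SSL info: "):]
        elif (m := TLS_ERR.search(msg)):
            findings.append({"pid": pid, "host": m.group(1), "ip": m.group(2),
                             "call": m.group(3), "code": m.group(4),
                             "empty_error_queue": int(m.group(4), 16) == 0, **conn})
    return findings

if __name__ == "__main__":
    print(failed_handshakes(SAMPLE))
```

An all-zero code means OpenSSL had no error queued when `SSL_accept` returned, so the last logged state and the following "closed by EOF" line are the useful evidence of where the client dropped the handshake.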