[exim-dev] [Bug 2372] New: GnuTLS 1.3 and no client cert, r…

Page principale
Ce message fait partie du fil suivant :
M\Arborescence complète du fil triée par date
MM 
admin à ->
Supprimer ce message
Répondre à ce message
Auteur: admin
Date:  
À: exim-dev
Nouveaux-sujets: [exim-dev] [Bug 2372] GnuTLS 1.3 and no client cert, required by server, fails to retry in clear
Sujet: [exim-dev] [Bug 2372] New: GnuTLS 1.3 and no client cert, required by server, fails to retry in clear
https://bugs.exim.org/show_bug.cgi?id=2372 

            Bug ID: 2372
           Summary: GnuTLS 1.3 and no client cert, required by server,
                    fails to retry in clear
           Product: Exim
           Version: 4.91
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: high
         Component: TLS
          Assignee: jgh146exb@???
          Reporter: jgh146exb@???
                CC: exim-dev@???


Possibly associated with late-verification of cert on server; the TLS handshake
succeeds and the client does not see an error until the first data read, for
the
(crypted) EHLO-response. This is treated as a dataphase error during TLS, not
as a TLS handshake failure, and the message is queued for retry. We expect the
retries to fail the same way.

Seen with GnuTLS 3.6.5 on f29, which is about the earliest TLS1.3-capable
version.

Workaround: tls_require_ciphers = NORMAL:-VERS-TLS1.3

--
You are receiving this mail because:
You are on the CC list for the bug.
Ce message a été envoyé sur les listes de diffusion suivantes :
Exim-dev
Informations sur la liste de diffusion | Messages voisins		<-Re: [exim-dev] Bug 2369: single-key lookup type based on libcorkipset[exim-dev] [Bug 2372] GnuTLS 1.3 and no client cert, required by server, fails to retry in clear->
Tahini and Hummus and Cumin Development Archives administré par cumin AdminsLurker (version 2.3)