Author: Arno Thuber Date: To: exim-users Subject: [exim] A TLS fatal alert has been received.: Insufficient security
Hello,
today I suddenly started to see log lines telling me "A TLS fatal alert has
been received.: Insufficient security".
The thing is, that it as far as I can see only happens when receiving
messages from the German mail provider GMX.
I can send messages to them, I also can send mails from GMX to my other
accounts at other mail providers and transmission happens TLS encrypted
(using the same ciphers). I also still receive mails over TLS encrypted
links from other mail providers.
The interesting part of the communication is as follows:
gnutls_handshake was successful
TLS: checking peer certificate
TLS certificate verified: peerdn="C=DE,O=1&1 Mail & Media
GmbH,ST=Rhineland-Palatinate,L=Montabaur,CN=mout.gmx.net"
cipher: TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
Have channel bindings cached for possible auth usage.
TLS active
gnutls_record_recv(0x55de099705b0, 0x55de09d526d0, 4096)
GnuTLS<3>: ASSERT: record.c[record_add_to_buffers]:787
GnuTLS<3>: ASSERT: record.c[record_add_to_buffers]:794
GnuTLS<3>: ASSERT: record.c[_gnutls_recv_in_buffers]:1328
GnuTLS<3>: ASSERT: record.c[_gnutls_recv_int]:1473
tls_refill: err from gnutls_record_recv(
LOG: MAIN
TLS error on connection from mout.gmx.net [212.227.17.22] (recv): A TLS
fatal alert has been received.: Insufficient security
LOG: smtp_connection MAIN
SMTP connection from mout.gmx.net [212.227.17.22] lost D=0s
child 4244 ended: status=0x100
normal exit, 1
I didn't upate anything the last days. I'm using Exim 4.92-7~bpo9+1 from
Debian with GnuTLS 3.5.8-5+deb9u4.
I had hopes I could learn from Marc Merlins issue, but after some
similarity for starters it seems to be something different and I'm at a
loss.
