Re: [exim] A TLS fatal alert has been received.: Insufficien…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Calum Mackay
Date:  
À: Arno Thuber, exim-users
Sujet: Re: [exim] A TLS fatal alert has been received.: Insufficient security
Might this be relevant?

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929907


which also deals with GnuTLS record receive code.

cheers,
calum.

On 10/06/2019 4:51 pm, Arno Thuber via Exim-users wrote:
> Hello,
>
> today I suddenly started to see log lines telling me "A TLS fatal alert has
> been received.: Insufficient security".
>
> The thing is, that it as far as I can see only happens when receiving
> messages from the German mail provider GMX.
> I can send messages to them, I also can send mails from GMX to my other
> accounts at other mail providers and transmission happens TLS encrypted
> (using the same ciphers). I also still receive mails over TLS encrypted
> links from other mail providers.
>
> The interesting part of the communication is as follows:
> gnutls_handshake was successful
> TLS: checking peer certificate
> TLS certificate verified: peerdn="C=DE,O=1&1 Mail & Media
> GmbH,ST=Rhineland-Palatinate,L=Montabaur,CN=mout.gmx.net"
> cipher: TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
> Have channel bindings cached for possible auth usage.
> TLS active
> gnutls_record_recv(0x55de099705b0, 0x55de09d526d0, 4096)
> GnuTLS<3>: ASSERT: record.c[record_add_to_buffers]:787
> GnuTLS<3>: ASSERT: record.c[record_add_to_buffers]:794
> GnuTLS<3>: ASSERT: record.c[_gnutls_recv_in_buffers]:1328
> GnuTLS<3>: ASSERT: record.c[_gnutls_recv_int]:1473
> tls_refill: err from gnutls_record_recv(
> LOG: MAIN
> TLS error on connection from mout.gmx.net [212.227.17.22] (recv): A TLS
> fatal alert has been received.: Insufficient security
> LOG: smtp_connection MAIN
> SMTP connection from mout.gmx.net [212.227.17.22] lost D=0s
> child 4244 ended: status=0x100
> normal exit, 1
>
> I didn't upate anything the last days. I'm using Exim 4.92-7~bpo9+1 from
> Debian with GnuTLS 3.5.8-5+deb9u4.
>
> I had hopes I could learn from Marc Merlins issue, but after some
> similarity for starters it seems to be something different and I'm at a
> loss.
>
> Regards,
> Arno
>