[exim] OT/2: TLS on gnu.org, better named: the insecured gn…

Author: Cyborg
Date:  
To: exim-users
Subject: [exim] OT/2: TLS on gnu.org, better named: the insecured gnu.org mailserver

Hi,

this message is not about exim problems, it's about problems involving
exim.

As you all heard, Richard Stallman has resigned from his positions.
Not the topic here,
but it caused me to send him a letter, which I do once in a while.

Unfortunately, the admins at gnu don't think much about security, as
their mailserver
revealed itself to be a very outdated Exim 4.71.

$ nc eggs.gnu.org 25
220 eggs.gnu.org ESMTP Exim 4.71 Wed, 18 Sep 2019 09:35:02 -0400

But that's not the main problem, but possibly the reason for the
bigger problem:

$ openssl s_client -connect eggs.gnu.org:25 -starttls smtp -tls1_2
CONNECTED(00000003)
140424124348224:error:1425F102:SSL
routines:ssl_choose_client_version:unsupported
protocol:ssl/statem/statem_lib.c:1922:

Because:

$ openssl s_client -connect eggs.gnu.org:25 -starttls smtp

New, SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
...

This server only speaks TLS 1.0 from 1998.

If you have the opportunity to inform those admins, please do so.

I can't, because our server no longer speaks
outdated-broken-beyond-repair-protocols from the last millennium and
refuses plaintext SMTP too ;)

Best regards,
Marius
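
Added example, not part of the original message: a small Python check that turns the banner and `openssl s_client` output quoted above into audit findings. The function name `audit`, the finding labels, the `baseline` parameter and the "below TLS 1.2 is legacy" rule are assumptions of this example.

```python
import re

# Lines copied from the transcripts in the message above.
BANNER_AND_SESSION = """\
220 eggs.gnu.org ESMTP Exim 4.71 Wed, 18 Sep 2019 09:35:02 -0400
New, SSLv3, Cipher is AES256-SHA
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
"""
FORCED_TLS12 = """\
CONNECTED(00000003)
140424124348224:error:1425F102:SSL
routines:ssl_choose_client_version:unsupported
protocol:ssl/statem/statem_lib.c:1922:
"""

# Assumption of this example: anything below TLS 1.2 counts as legacy.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def audit(transcript, baseline):
    """Parse a banner / s_client transcript. baseline is the oldest
    Exim version (as a tuple) that local policy accepts."""
    facts, findings = {}, []
    m = re.search(r"^220 (\S+) ESMTP Exim (\d+(?:\.\d+)*)", transcript, re.M)
    if m:
        facts["host"] = m.group(1)
        facts["exim"] = tuple(int(p) for p in m.group(2).split("."))
        if facts["exim"] < baseline:
            findings.append("exim-below-baseline")
    m = re.search(r"^\s*Protocol\s*:\s*(\S+)", transcript, re.M)
    if m:
        facts["protocol"] = m.group(1)
        if m.group(1) in LEGACY:
            findings.append("legacy-protocol")
    elif re.search(r"unsupported\s+protocol", transcript):
        # The error text may be wrapped across lines, as in the mail.
        findings.append("version-negotiation-failed")
    if "Secure Renegotiation IS NOT supported" in transcript:
        findings.append("no-secure-renegotiation")
    return facts, findings

if __name__ == "__main__":
    # (4, 90) is a constructed policy value, not taken from the message.
    print(audit(BANNER_AND_SESSION, (4, 90)))
    print(audit(FORCED_TLS12, (4, 90)))
```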