[exim] OT/2: TLS on gnu.org, better named: the insecured gn…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Cyborg
Data:  
Para: exim-users
Asunto: [exim] OT/2: TLS on gnu.org, better named: the insecured gnu.org mailserver

Hi,

this message is not about exim problems, it's about problems involving
exim.

As you all heared, Richard Stallmann as resigned from it's positions.
Not the topic here,
but it caused me to send him a letter, which I do once in a while.

Unfortunately, the admins at gnu don't think much about security, as
their mailserver,
revealed itself to be a very outdated exim 4.71 .

$ nc eggs.gnu.org 25
220 eggs.gnu.org ESMTP Exim 4.71 Wed, 18 Sep 2019 09:35:02 -0400

But that's not the main problem, but the possibly the reason for the
bigger problem:

$ openssl s_client -connect eggs.gnu.org:25 -starttls smtp -tls1_2
CONNECTED(00000003)
140424124348224:error:1425F102:SSL
routines:ssl_choose_client_version:unsupported
protocol:ssl/statem/statem_lib.c:1922:

Because:

$ openssl s_client -connect eggs.gnu.org:25 -starttls smtp

New, SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
...

this server does only speak TLS 1.0 from 1998.

If you have the opportunity to inform those admins, please do so.

I can't, because our server does not longer speak
outdated-broken-beyond-repair-protocols from the last millenium and
refuses plaintext smtp too ;)

Best regards,
Marius