Author: Cyborg
Date:
To: exim-users
Subject: Re: [exim] TLS error no shared cipher with SSL_accept: error in error
On 31.05.21 at 13:44, Marcin Gryszkalis via Exim-users wrote:
> Hi, I have a problem with one server connecting to my exim.
> Just after Client Hello server sends "Handshake Failure" and closes
> connection.
>
> exim's cipher list is wide
> ALL:!EXPORT:!DES:!RC2:!RC4:!MD5:!PSK:!aNULL:!eNULL:!EXP:!SRP:!DSS:!DHE:!3DES
> and contains ciphers that are mentioned by client, the same for
> curves, signatures etc. The only difference is extended_master_secret
> is not supported by exim but I guess it should be ignored.
>
The client did not offer a cipher you have allowed.
You can do various tests to find out with openssl's s_client:
First find out what you would offer with openssl:
$ openssl ciphers
Now you can compare it with the list the client sent, or you do it the
hard way and test it manually:
2021-05-31 14:32:15 TLS error on connection from (mail.example.com) [XXXXXXXXXXX] (SSL_accept (SSLv3)): error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
$ openssl s_client --connect c1:25 -starttls smtp -tls1 -cipher RSA-PSK-AES128-CBC-SHA (this one would work with tls1_3+ only)
CONNECTED(00000003)
140164130756416:error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no ciphers available:ssl/statem/statem_clnt.c:3801:No ciphers enabled for max supported SSL/TLS version
2021-05-31 14:34:42 TLS error on connection from (mail.example.com) [XXXXXXXXXXX] (SSL_accept): error:140940F4:SSL routines:ssl3_read_bytes:unexpected message
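
The comparison suggested in the message above can be done by code point instead of by eye. The following is an added example, not part of the original message or of Exim: it reads the cipher_suites vector out of a raw ClientHello record and intersects it with the server's list as printed by `openssl ciphers -V`. Assumptions: the ClientHello bytes come from a packet capture of the failing connection, the `openssl ciphers -V` lines and both client offers are constructed samples, and all function names are hypothetical.

```python
import re
import struct

# Constructed sample of `openssl ciphers -V '<server cipher string>'` output.
SERVER_CIPHERS_V = """\
  0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
  0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
  0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
"""

def parse_openssl_v(text):
    """Map cipher-suite code point -> OpenSSL name from `openssl ciphers -V` output."""
    pairs = re.findall(r"0x([0-9A-Fa-f]{2}),0x([0-9A-Fa-f]{2}) - (\S+)", text)
    return {int(hi + lo, 16): name for hi, lo, name in pairs}

def client_hello_suites(record):
    """Return the cipher-suite code points offered in one raw ClientHello record."""
    if len(record) < 46 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32           # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]         # skip length-prefixed session_id
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack_from("!H", record, pos + i)[0] for i in range(0, n, 2)]

def shared_ciphers(server, offered):
    """Suites both sides support, in the client's preference order."""
    return [server[c] for c in offered if c in server]

def build_hello(suites):
    """Build a minimal ClientHello record (constructed test input, no extensions)."""
    vec = b"".join(struct.pack("!H", s) for s in suites)
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(vec)) + vec + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    server = parse_openssl_v(SERVER_CIPHERS_V)
    for label, suites in [("DHE/3DES only", [0x009F, 0x009E, 0x000A]),
                          ("mixed", [0x009F, 0xC02F, 0x00FF])]:
        offered = client_hello_suites(build_hello(suites))
        common = shared_ciphers(server, offered)
        print(label, [f"0x{c:04X}" for c in offered], "->", common or "no shared cipher")
```

An empty intersection is the condition the server reports as "no shared cipher"; the first constructed offer shows it for a client limited to DHE and 3DES suites, which the cipher string quoted above excludes.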