Re: [exim] TLS error no shared cipher with SSL_accept: error…

Author: Viktor Dukhovni
Date:
To: exim-users
Subject: Re: [exim] TLS error no shared cipher with SSL_accept: error in error
On Mon, May 31, 2021 at 11:19:23PM +0200, Marcin Gryszkalis via Exim-users wrote:

> On 31.05.2021 22:59, Viktor Dukhovni via Exim-users wrote:
> >> I checked on exim built on FreeBSD 12 (with openssl 1.1) and it works fine - but fails on other installation with openssl 1.0.
> >
> > So what version of FreeBSD and OpenSSL are on the system with the
> > reported issue? Support for negotiated ECDHE groups has evolved in
> > OpenSSL over time. With older OpenSSL releases unless group selection
> > is explicitly set to "auto", the server picks some single default group,
> > which may not match this particular client's choice.
>
> Sorry, I forgot to mention this.
>
> This is OpenSSL 1.0.2u (base version for FreeBSD 11.4).


I see, the version of OpenSSL may be relevant here.

Is the server in question "mail.fuze.pl"? On port 25 for that server I
see:

    No client certificate CA names sent
    Peer signing digest: SHA512
    Peer signature type: RSA
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 3757 bytes and written 475 bytes
    Verification: OK
    ---
    New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 4096 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: ...
        Session-ID-ctx:
        Master-Key: ...
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1622494851
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
        Extended master secret: no


Which does show working support for ECDHE with P-256. I'd also humbly
suggest not bothering with 4096 bit RSA certs, they're rather pointless.
The major CAs are all using 2048 bit RSA. RSA 4096 is just bloat.

> I could switch to 1.1.1k from ports but that would require rebuilding
> exim and the rest.
> I also could switch to libressl or even GnuTLS...


I would not recommend either of those two, but OpenSSL 1.1.1 would be a
much better choice, 1.0.2 has been EOL for quite some time.

-- 
    Viktor.
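
A simplified model of the ECDHE group-selection behaviour described in the quoted reply above, showing how a server limited to one group can report "no shared cipher" even though the cipher names overlap. This is an added example, not part of the original message and not Exim or OpenSSL code; the function name, suite lists, and client group lists are constructed for illustration.

```python
# Simplified model of server-side TLS 1.2 suite selection with ECDHE.
# Suite lists, group lists, and function names are constructed for illustration.

ALL_GROUPS = ["P-256", "P-384", "P-521"]   # stands in for group selection "auto"
FIXED_GROUP = ["P-256"]                    # stands in for a single default group

SERVER_SUITES = ["ECDHE-RSA-AES256-GCM-SHA384", "AES256-GCM-SHA384"]


def select_suite(client_suites, client_groups, server_groups,
                 server_suites=SERVER_SUITES):
    """Return (suite, group) the server would choose, or None when the
    handshake would fail with "no shared cipher".

    Simplifications: server preference order for suites, client preference
    order for groups.
    """
    for suite in server_suites:
        if suite not in client_suites:
            continue
        if not suite.startswith("ECDHE-"):
            return suite, None             # RSA key exchange: no group needed
        shared = [g for g in client_groups if g in server_groups]
        if shared:
            return suite, shared[0]
        # Suite names overlap, but no common group: ECDHE suite is unusable.
    return None


if __name__ == "__main__":
    ecdhe_only = ["ECDHE-RSA-AES256-GCM-SHA384"]
    cases = [
        ("P-256 client, fixed group", ecdhe_only, ["P-256"], FIXED_GROUP),
        ("P-384 client, fixed group", ecdhe_only, ["P-384"], FIXED_GROUP),
        ("P-384 client, auto groups", ecdhe_only, ["P-384"], ALL_GROUPS),
    ]
    for label, suites, groups, server_groups in cases:
        print(f"{label}: {select_suite(suites, groups, server_groups)}")
```

A client that also offers a non-ECDHE suite would not fail in the second case; it would fall back to RSA key exchange and lose forward secrecy, which is why the mismatch can go unnoticed until an ECDHE-only client connects.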