[exim] SSL_renegotiate:wrong ssl version

Author: Cyborg
Date:  
To: Exim Mailing List
Subject: [exim] SSL_renegotiate:wrong ssl version

Hi,

I discovered a renegotiation problem between openssl s_client and
exim (same openssl).

This is what Exim 4.96 Release 2 Fedora 35 logged:


2022-09-10 13:47:18 unexpected disconnection while reading SMTP command from (d111.x-mailer.de) [83.246.32.110] D=13s
2022-09-10 13:48:14 unexpected disconnection while reading SMTP command from (d111.x-mailer.de) [83.246.32.110] D=16s
2022-09-10 13:51:25 unexpected disconnection while reading SMTP command from (d111.x-mailer.de) [83.246.32.110] D=12s


And this happened on the client side:

# openssl s_client -connect me.target.de:25 -starttls smtp
CONNECTED(00000003)

...lots of SSL INFOS ....

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2858 bytes and written 438 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
250 HELP
HELO smtp.example.com
250 smtp.target.de Hello smtp.example.com [83.246.32.110]
MAIL FROM:<test@???>
250 OK
RCPT TO:<recipientname>
RENEGOTIATING
140149325708800:error:1420410A:SSL routines:SSL_renegotiate:wrong ssl version:ssl/ssl_lib.c:2143:

I tried it 3 times, every time with the same result, an exact
renegotiation after RCPT TO.

The certificate is fine, openssl does not seem to be able to verify
because it doesn't know which domain name it should have,
as no hint was given to openssl s_client.


Any ideas why this renegotiation is:

a) started at all
b) fails
and c) on how to counter this?

best regards,
Marius