Re: [exim] GnuTTS woes

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] GnuTTS woes
On 30/09/2022 15:33, Viktor Dukhovni via Exim-users wrote:
> On Fri, Sep 30, 2022 at 02:04:51PM +0100, Jeremy Harris via Exim-users wrote:
>> Note that this client won't work against current OpenSSL
>> default builds.
>
> When you say "current" you mean 3.1-dev? What is the observed failure
> mode? It "works" against the latest OpenSSL 1.1.1 (the server responds
> with server hello, certificate, ..., server hello done).
>
> Perhaps TLS 1.1 is not enabled in your build?


OpenSSL 3.0.5 5 Jul 2022    running on Fedora 36


I think using the distro standard package
openssl-1:3.0.2-4.fc36.x86_64
(though I note the numbers don't exactly line up)

The failure mode is a TLS Alert complaining about version
(I forget the precise wording, sorry)
and followed by what looks like a library internal bug-triggered
error for a BIO operation error.

Clearing either no_tlsv1_1 or no_sslv3 has no effect.


Let me know if you need a repeat run.
--
Cheers,
Jeremy