On Fri, Sep 30, 2022 at 06:02:35PM +0100, Jeremy Harris via Exim-users wrote:
> On 30/09/2022 16:46, Viktor Dukhovni via Exim-users wrote:
> >> 00C0C60008000000:error:0A0C0103:SSL routines:tls_process_key_exchange:internal error:ssl/statem/statem_clnt.c:2254:
> >>
> >> I'll try to find some time to file a bug. Feel free to beat me to it.
>
> > Actually, this is expected behaviour:
> >
> > https://github.com/openssl/openssl/issues/15335#issuecomment-843843617
>
> Including that error line?
>
>
> No obvious difference with that "ciphers" :-
>
> 17:39:23 59777 SMTP>> 220 TLS go ahead
> 17:39:23 59777 Calling SSL_accept
> 17:39:23 59777 SSL hshake_start: before SSL initialization
> 17:39:23 59777 SSL SSL_accept,state_chg: before SSL initialization
> 17:39:23 59777 SSL SSL_accept,state_chg: before SSL initialization
> 17:39:23 59777 SSL write,alert fatal:protocol version
> 17:39:23 59777 SSL SSL_accept,hshake_exit: error in error
> 17:39:23 59777 TLS error '(SSL_accept): error:100C0102:BIO routines::passed a null parameter'
Do you also have a TLS version floor? "protocol version" sure sounds
like it. Anyway, this is perhaps a distraction from the GnuTLS issue,
which you've identifies IIRC (SSL 3.0-compatible handshake with no TLS
extensions fails against Exim + GnuTLS as reported).
--
Viktor.
