Re: [exim] OpenSSL IOT woes

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Jeremy Harris
Data:  
Para: exim-users
Assunto: Re: [exim] OpenSSL IOT woes
On 30/09/2022 21:33, Viktor Dukhovni via Exim-users wrote:
> On Fri, Sep 30, 2022 at 09:18:08PM +0100, Jeremy Harris via Exim-users wrote:
>
>> On 30/09/2022 20:28, Viktor Dukhovni via Exim-users wrote:
>>> Does "s_client -tls1_1 -cipher ALL:@SECLEVEL=0" work? Let's first
>>> sort that out.
>>
>> It does not. The same Fatal Alert.
>
> Presumably it'll work for you if you connect to:
>
>      [dnssec-stats.ant.isi.edu]:25


It does.

> So the barrier is some interaction between Exim and OpenSSL that makes
> TLS 1.0 and 1.1 unavailable.


Yes, or the system my test server is running on forcing no TLSv1.1 support
(do/can they do that?)

Could the min/max protocol stuff mentioned in
https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html
be affecting it?
Exim has no SSL_CONF_* calls currently; probably never has in it's
history.

I'm not sure how to debug. Does OpenSSL offer detailed internal
debug the way that GnuTLS does?

--
Cheers,
Jeremy