Re: [exim] debugging tls handshake failure

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] debugging tls handshake failure
On 21/11/2022 21:41, Julian Bradfield via Exim-users wrote:
> I should like to know what's happening here:
>
> 2022-11-21 21:10:42 TLS error on connection from r218.notifications.rbs.co.uk [130.248.154.218] (gnutls_handshake): A TLS fatal alert has been received.
>
> However, I can't see how to get any more information. I've tried
> setting
> add_environment = GNUTLS_DEBUG_LEVEL=3
> in the exim4 config file, but it doesn't appear to do anything.
>
> Is there a way to get more information?


The gnutls library helpfully (I infer) reads the environment at
process startup, too early for the config-driven addition of that
variable. Try having the thing firing off the exim process
adding to the environment instead. You'll need to add it
to keep_environment.

I go up to 9 on occasion, but 3 is reasonably detailed.

Alternatively, since you know there's an alert involved, go down
the packet capture route. You'll need to
add_environment = SSLKEYLOGFILE=<SOME_DIRECTORY>/sslkeys
and tell wireshark where to pick them up
(edit/pref/protocols/tls/ Master Secret Log filename)
--
Cheers,
Jeremy
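
A sanity check for the file named in SSLKEYLOGFILE before pointing Wireshark at it, as an added example that is not part of the original message. It assumes the NSS key log format that Wireshark reads; `check_keylog`, `demo` and the sample lines are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# NSS key log lines are "<label> <client random, 64 hex> <secret, hex>".
# CLIENT_RANDOM is TLS 1.2 and earlier; the labels below are TLS 1.3.
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

# Constructed sample, not real key material; the last line is deliberately broken.
SAMPLE = "\n".join([
    "# constructed sample",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_RANDOM truncated-line",
]) + "\n"

def check_keylog(path):
    """Summarise a key log: client randoms per TLS version, bad lines, file mode."""
    mode = os.stat(path).st_mode
    report = {"tls12": set(), "tls13": set(), "malformed": [],
              # Anyone who can read this file can decrypt the captured sessions.
              "other_readable": bool(mode & (stat.S_IRGRP | stat.S_IROTH))}
    with open(path, encoding="ascii", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            m = LINE_RE.match(line)
            if m and m.group(1) == "CLIENT_RANDOM":
                report["tls12"].add(m.group(2).lower())
            elif m and m.group(1) in TLS13_LABELS:
                report["tls13"].add(m.group(2).lower())
            else:
                report["malformed"].append(lineno)
    return report

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sslkeys")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)  # the mode the check should flag
        return check_keylog(path)
```

Wireshark can decrypt a session only if the client random in the capture's ClientHello is one of those the report lists.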