[exim] if you use openssl v3+ with exim

Author: Cyborg
Date:  
To: exim-users
Subject: [exim] if you use openssl v3+ with exim

Hi all,

since Fedora switched to openssl 3 (3.0.5 atm) we encounter these messages:

TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy
renegotiation disabled

This is connected to a 2009 CVE against common SSL libs (nss, openssl
etc.) using an insecure form of handshake.

All faulty external mail servers have in common that they are not
up to date, as they at least do not offer TLS 1.3 encryption.
One was even TLS 1.0 only ..

The question "if OpenSSL 3 is buggy or not" is under investigation atm. 
There is a workaround for the issue, but it involves introducing MITM
attack vectors and we don't want this, do we? :) (if you need to know,
throw me a mail).

best regards,
Marius
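
Added example, not part of the original message and not Exim project code: a small log triage script that lists which remote mail servers trigger the error quoted above, so their operators can be asked to update. The log line layout (`H=host [ip]: ...` on a deferred delivery), the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Error text as quoted in the message above.
ERR = "error:0A000152:SSL routines::unsafe legacy renegotiation disabled"

# Assumed Exim mainlog shape for a deferred delivery: "... H=<host> [<ip>]: <error>".
HOST_RE = re.compile(r"\bH=(?P<host>\S+) \[(?P<ip>[0-9A-Fa-f.:]+)\]")

# Constructed sample log lines (hosts and addresses are documentation ranges).
SAMPLE_LOG = """\
2022-09-20 10:01:12 1oaAbC-0001Xy-2k == bob@old.example R=dnslookup T=remote_smtp defer (-37) H=mx.old.example [192.0.2.10]: TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation disabled
2022-09-20 10:02:40 1oaAbD-0001Xz-3m => carol@ok.example R=dnslookup T=remote_smtp H=mx.ok.example [198.51.100.7] X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=yes C="250 OK"
2022-09-20 10:31:12 1oaAbC-0001Xy-2k == bob@old.example R=dnslookup T=remote_smtp defer (-37) H=mx.old.example [192.0.2.10]: TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation disabled
2022-09-20 11:05:03 1oaAbE-0001Y0-4n == dan@legacy.example R=dnslookup T=remote_smtp defer (-37) H=mx.legacy.example [2001:db8::25]: TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation disabled
TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation disabled
"""


def affected_peers(log_text):
    """Return {(host, ip): hit_count} for peers that produced the error."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        if ERR not in line:
            continue  # successful deliveries and unrelated errors
        m = HOST_RE.search(line)
        # A line without H=... (e.g. a bare error line) is still counted,
        # so nothing is silently dropped from the report.
        key = (m.group("host"), m.group("ip")) if m else ("unknown", "unknown")
        hits[key] += 1
    return dict(hits)


if __name__ == "__main__":
    peers = affected_peers(SAMPLE_LOG)
    # Most frequent offenders first; retries inflate the count per peer.
    for (host, ip), count in sorted(peers.items(), key=lambda kv: -kv[1]):
        print(f"{count:4d}  {host}  [{ip}]")
```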