[exim] if you use openssl v3+ with exim

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Cyborg
Dátum:  
Címzett: exim-users
Tárgy: [exim] if you use openssl v3+ with exim

Hi all,

since Fedora switched to openssl 3 (3.0.5 atm) we encounter these messages:

TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy
renegotiation disabled

This is connected to a 2009 CVE against common SSL libs ( nss, openssl
etc.) using an insecure form of handshake.

All faulty external mailserver have in common, that they are not
up2date, as they at least do not offer TLS 1.3 encryption.
On was even TLS 1.0 only ..

The question "if OpenSSL 3 is buggy or not" is under investigation atm. 
There is a workaround for the issue, but it involves introducing MITM
attackvectors and we don't won't this, don't we? :) (if you need to know
throw me a mail).

best regards,
Marius