[exim] if you use openssl v3+ with exim

Góra strony
Delete this message
Reply to this message
Autor: Cyborg
Data:  
Dla: exim-users
Temat: [exim] if you use openssl v3+ with exim

Hi all,

since Fedora switched to openssl 3 (3.0.5 atm) we encounter these messages:

TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy
renegotiation disabled

This is connected to a 2009 CVE against common SSL libs ( nss, openssl
etc.) using an insecure form of handshake.

All faulty external mailserver have in common, that they are not
up2date, as they at least do not offer TLS 1.3 encryption.
On was even TLS 1.0 only ..

The question "if OpenSSL 3 is buggy or not" is under investigation atm. 
There is a workaround for the issue, but it involves introducing MITM
attackvectors and we don't won't this, don't we? :) (if you need to know
throw me a mail).

best regards,
Marius