Re: [exim] if you use openssl v3+ with exim

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] if you use openssl v3+ with exim
On 09/12/2022 10:33, Cyborg via Exim-users wrote:
> since Fedora switched to openssl 3 (3.0.5 atm) we encounter these messages:
>
> TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation disabled


For SMTP/TLS? Involving Exim?

The message looks like a courtesy note only, saying "I'm no longer prepared to
TLS-renegotiate this sort of connection"; something that TLS endpoints have always
been permitted to do for any class of TLS connection, and not implying a fault.

> This is connected to a 2009 CVE against common SSL libs (nss, openssl etc.) using an insecure form of handshake.


CVE number?

> All faulty external mailservers have in common that they are not up to date, as they at least do not offer TLS 1.3 encryption.
> One was even TLS 1.0 only ..


I'm unclear what you're saying here.


> The question "if OpenSSL 3 is buggy or not" is under investigation atm.


I'm not sure why you think it is.

> There is a workaround for the issue


What issue?

--
Cheers,
Jeremy