Re: [exim] if you use openssl v3+ with exim

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Jeremy Harris
Data:  
Para: exim-users
Assunto: Re: [exim] if you use openssl v3+ with exim
On 09/12/2022 10:33, Cyborg via Exim-users wrote:
> since Fedora switched to openssl 3 (3.0.5 atm) we encounter these messages:
>
> TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation disabled


For SMTP/TLS? Involving Exim?

The message looks like a courtesy note only, saying "I'm no longer prepared to
TLS-renegotiate this sort of connection"; something that TLS endpoints have always
been permitted to do for any class of TLS connection, and not implying a fault.

> This is connected to a 2009 CVE against common SSL libs ( nss, openssl etc.) using an insecure form of handshake.


CVE number?

> All faulty external mailserver have in common, that they are not up2date, as they at least do not offer TLS 1.3 encryption.
> On was even TLS 1.0 only ..


I'm unclear what you're saying here.


> The question "if OpenSSL 3 is buggy or not" is under investigation atm.


I'm not sure why you think it is.

> There is a workaround for the issue


What issue?

--
Cheers,
Jeremy