Autor: Jeremy Harris Data: Para: exim-users Assunto: Re: [exim] if you use openssl v3+ with exim
On 09/12/2022 10:33, Cyborg via Exim-users wrote: > since Fedora switched to openssl 3 (3.0.5 atm) we encounter these messages:
>
> TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation disabled
For SMTP/TLS? Involving Exim?
The message looks like a courtesy note only, saying "I'm no longer prepared to
TLS-renegotiate this sort of connection"; something that TLS endpoints have always
been permitted to do for any class of TLS connection, and not implying a fault.
> This is connected to a 2009 CVE against common SSL libs ( nss, openssl etc.) using an insecure form of handshake.
CVE number?
> All faulty external mailserver have in common, that they are not up2date, as they at least do not offer TLS 1.3 encryption.
> On was even TLS 1.0 only ..
I'm unclear what you're saying here.
> The question "if OpenSSL 3 is buggy or not" is under investigation atm.
I'm not sure why you think it is.
> There is a workaround for the issue