Author: Cyborg
Date:
To: exim-users
Subject: Re: [exim] if you use openssl v3+ with exim

On 09.12.22 at 13:21, Jeremy Harris via Exim-users wrote:
> On 09/12/2022 10:43, Jeremy Harris via Exim-users wrote:
>>
>> The message looks like a courtesy note only, saying "I'm no longer prepared to
>> TLS-renegotiate this sort of connection"; something that TLS endpoints have always
>> been permitted to do for any class of TLS connection, and not implying a fault.
>>
>
> Having looked around the code, it does look like the "TLS session" bit
> implies Exim's smtp transport, with a conn fail. I'll investigate
> further.
>
> It'd help to get a debug trace for such a connection, so I can see detail
> on the TLS operations for re-creation of the condition.

It's not an exim error message, it upstreams from openssl into the logs.
If a TLS connect is done to an outdated server using the old
renegotiation method,
openssl 3 ends the connection with that error message.
The root cause for this is a change in the default config compiled
into the openssl executable.
For OpenSSL 3 in 2021 they pulled in a patch to enable the check routine
for this old renegotiation bug from 2009.
In OpenSSL 1 it stayed turned off. Upgrading an OS from openssl 1 to 3
will auto enable this check and bring this error
to the logs.
So, if you use openssl 3 and see this error message: