Re: [exim] if you use openssl v3+ with exim

Author: Viktor Dukhovni
Date:
To: exim-users
Subject: Re: [exim] if you use openssl v3+ with exim
On Fri, Dec 09, 2022 at 05:51:17PM +0100, Cyborg via Exim-users wrote:

> If a TLS connect is done to an outdated server using the old
> renegotiation method, openssl 3 ends the connection with that error
> message.


> so, if you use openssl 3 and see this error message:
>
> 2022-12-09 10:23:22 1p3ZbF-003Bdo-2L == XXXXXXXX <X@Y> R=dnslookup
> T=remote_smtp defer (-37) H=mailin2.Z.z.z [a.b.c.d]: TLS session:
> (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation
> disabled
>
> you need to contact the receiver and inform it that he's using an
> outdated mailserver software with MITM-enabling age-old security holes.


Are there any destination domains or MX hostnames you're willing and
able to share which exhibit this issue? If this is reproducible also
with e.g. Postfix and other MTAs, then there's nothing here for Exim
to do. The remote server does not have an interoperable STARTTLS
implementation: something is broken on the Internet...

-- 
    Viktor.
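
An added example, not part of the message above or of Exim: a short Python script that scans an Exim main log for the `0A000152` deferral quoted in the thread and groups it by remote MX, so that the affected hosts can be listed and then retested with another MTA. The function name `legacy_reneg_hosts` and every sample log line are constructed for illustration.

```python
import re
from collections import defaultdict

# OpenSSL 3 error string exactly as it appears in the log line quoted above.
MARKER = "error:0A000152:SSL routines::unsafe legacy renegotiation disabled"

# Exim main-log deferral ("==") with the remote host given as H=name [ip].
DEFER_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<msgid>\S+) == (?P<rcpt>\S+)"
    r".*? H=(?P<host>\S+) \[(?P<ip>[^\]]+)\]"
)

# Constructed sample log: documentation hostnames and addresses, made-up ids.
SAMPLE_LOG = """\
2022-12-09 10:23:22 1aAAAA-000001-AA == alice@example.net R=dnslookup T=remote_smtp defer (-37) H=mx1.example.net [192.0.2.10]: TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation disabled
2022-12-09 10:24:05 1aAAAB-000002-AB => bob@example.com R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.5]
2022-12-09 10:25:01 1aAAAC-000003-AC == carol@example.org R=dnslookup T=remote_smtp defer (110) H=mx.example.org [203.0.113.7]: Connection timed out
2022-12-09 11:02:40 1aAAAA-000001-AA == alice@example.net R=dnslookup T=remote_smtp defer (-37) H=mx1.example.net [192.0.2.10]: TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation disabled
2022-12-09 11:05:13 1aAAAD-000004-AD == dave@EXAMPLE.NET R=dnslookup T=remote_smtp defer (-37) H=mx1.example.net [192.0.2.10]: TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation disabled
""".splitlines()

def legacy_reneg_hosts(lines):
    """Map (host, ip) -> deferral count, message ids, recipient domains, last seen."""
    hosts = defaultdict(lambda: {"deferrals": 0, "msgids": set(), "domains": set(), "last_seen": ""})
    for line in lines:
        if MARKER not in line:
            continue  # other deferrals (timeouts, 4xx replies) are out of scope
        m = DEFER_RE.match(line)
        if not m:
            continue  # marker present, but not a delivery deferral line
        entry = hosts[(m["host"], m["ip"])]
        entry["deferrals"] += 1  # retries of the same message count again
        entry["msgids"].add(m["msgid"])
        entry["domains"].add(m["rcpt"].rpartition("@")[2].lower())
        entry["last_seen"] = max(entry["last_seen"], m["ts"])
    return dict(hosts)

if __name__ == "__main__":
    for (host, ip), e in sorted(legacy_reneg_hosts(SAMPLE_LOG).items()):
        print(f"{host} [{ip}] deferrals={e['deferrals']} messages={len(e['msgids'])} "
              f"domains={sorted(e['domains'])} last={e['last_seen']}")
```

Against a real log, pass the open file object in place of `SAMPLE_LOG`; each log entry must be on a single line, unlike the wrapped copy in the quoted message.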