On Fri, Dec 09, 2022 at 05:51:17PM +0100, Cyborg via Exim-users wrote:
> If a TLS connect is done to an outdated server using the old
> renegotiation methode, openssl 3 ends the connection with that error
> message.
> so, if you use openssl 3 and see this error message:
>
> 2022-12-09 10:23:22 1p3ZbF-003Bdo-2L == XXXXXXXX <X@Y> R=dnslookup
> T=remote_smtp defer (-37) H=mailin2.Z.z.z [a.b.c.d]: TLS session:
> (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation
> disabled
>
> you need to contact the receiver and inform it , that hes using an
> outdated mailserver software with MITM enabling ageold security holes.
Are there any destination domains or MX hostnames you're willing and
able to share which exhibit this issue? If this is reproducible also
with e.g. Postfix and other MTAs, then there's nothing here for Exim
to do. The remote server does not have an interoperable STARTTLS
implementation: something is broken on the Internet...
--
Viktor.