Re: [exim] if you use openssl v3+ with exim

Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] if you use openssl v3+ with exim
On 09.12.22 at 18:22, Viktor Dukhovni via Exim-users wrote:
>
> Are there any destination domains or MX hostnames you're willing and
> able to share which exhibit this issue? If this is reproducible also
> with e.g. Postfix and other MTAs, then there's nothing here for Exim
> to do. The remote server does not have an interoperable STARTTLS
> implementation: something is broken on the Internet...
>


Guys, it was just an FYI without the FYI mark. I will add it next time :)

There is nothing exim can do or should do. It's 100% caused by outdated
legacy servers, ignoring the year 2009 CVE.

The issue is reproducible with openssl s_client directly:

openssl s_client -connect 82.218.176.66:25 -starttls smtp

for that host, you need to downgrade to " -tls1 ", as that candidate is
extremely old :D

All you should have in mind: if you switch to openssl3, this will happen
with a small minority of foreign mailservers. You are not the cause for
this.

Best regards,
Marius