Re: [exim] if you use openssl v3+ with exim

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Cyborg
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] if you use openssl v3+ with exim
Am 09.12.22 um 18:22 schrieb Viktor Dukhovni via Exim-users:
>
> Are there any destination domains or MX hostnames you're willing and
> able to share which exhibit this issue? If this is reproducible also
> with e.g. Postfix and other MTAs, then there's nothing here for Exim
> to do. The remote server does not have an interoperable STARTTLS
> implementation: something is broken on the Internet...
>


Guys, it was just a FYI without the FYI mark. I will add it next time :)

There is nothing exim can do or should do. It's 100% caused by outdated
legacy servers, ignoring the year 2009 CVE.

The issue is reproduceable with openssl s_client directly:

openssl s_client -connect 82.218.176.66:25 -starttls smtp

for that host, you need to downgrade to " -tls1 ", as that candidate is
extremly old :D

All you should have in mind: if you switch to openssl3, this will haben
with a small minority of foreign mailservers. You are not the cause for
this.

Best regards,
Marius