[exim-dev] [Bug 3035] Support for new SSL context options in…

Author: Exim Bugzilla
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 3035] Support for new SSL context options introduced in OpenSSL 3.0
https://bugs.exim.org/show_bug.cgi?id=3035

--- Comment #1 from ivanov17 <ivanov17@???> ---
Example of current Exim behavior with OpenSSL 3.0:

2023-10-06 01:22:06 +0000 SMTP connection from
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50298 I=[fd0e:f254:e326:f344::b3]:2525
(TCP/IP connection count = 1)
2023-10-06 01:22:06 +0000 TLS error on connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50298 I=[fd0e:f254:e326:f344::b3]:2525
(SSL_accept): (TLSv1.1)
2023-10-06 01:22:06 +0000 SMTP connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50298 I=[fd0e:f254:e326:f344::b3]:2525
closed by EOF
2023-10-06 01:22:06 +0000 SMTP connection from
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50308 I=[fd0e:f254:e326:f344::b3]:2525
(TCP/IP connection count = 1)
2023-10-06 01:22:06 +0000 TLS error on connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50308 I=[fd0e:f254:e326:f344::b3]:2525
(SSL_accept): (TLSv1)
2023-10-06 01:22:06 +0000 SMTP connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50308 I=[fd0e:f254:e326:f344::b3]:2525
closed by EOF
2023-10-06 01:22:06 +0000 SMTP connection from
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50318 I=[fd0e:f254:e326:f344::b3]:2525
(TCP/IP connection count = 1)
2023-10-06 01:22:06 +0000 TLS error on connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50318 I=[fd0e:f254:e326:f344::b3]:2525
(SSL_accept): (SSLv3)
2023-10-06 01:22:06 +0000 SMTP connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50318 I=[fd0e:f254:e326:f344::b3]:2525
closed by EOF
2023-10-06 01:22:06 +0000 SMTP connection from
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50332 I=[fd0e:f254:e326:f344::b3]:2525
(TCP/IP connection count = 1)
2023-10-06 01:22:06 +0000 TLS error on connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50332 I=[fd0e:f254:e326:f344::b3]:2525
(SSL_accept): (TLSv1.3)
2023-10-06 01:22:16 +0000 SMTP connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50332 I=[fd0e:f254:e326:f344::b3]:2525
closed by EOF

For more information, see the discussion on a similar PHP issue:
https://github.com/php/php-src/issues/8369

I think it would also be useful to support the
SSL_OP_ALLOW_CLIENT_RENEGOTIATION option, which enables client-initiated
renegotiation, since it is disabled by default. It seems it was also introduced
in OpenSSL 3.0.

See
https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_options.html#SSL_OP_ALLOW_CLIENT_RENEGOTIATION

If this option is enabled, any client-initiated renegotiation will use secure
renegotiation (or it will fail if the client does not support it).
See https://github.com/openssl/openssl/issues/21207#issuecomment-1592526580

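For operators triaging logs like the excerpt above, the following sketch (an added example, not part of the bug report or of Exim's code) rejoins the wrapped entries, extracts each SSL_accept failure with the label logged after it, and measures how long the peer took to reach EOF. The sample log is constructed with documentation addresses and a placeholder host name, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the excerpt above: documentation
# addresses and a placeholder host name, wrapped the way the mail wrapped it.
SAMPLE = """\
2023-10-06 01:22:06 +0000 TLS error on connection from scanner.example
[2001:db8::10]:50318 I=[2001:db8::25]:2525
(SSL_accept): (SSLv3)
2023-10-06 01:22:06 +0000 SMTP connection from scanner.example
[2001:db8::10]:50318 I=[2001:db8::25]:2525
closed by EOF
2023-10-06 01:22:06 +0000 TLS error on connection from scanner.example
[2001:db8::10]:50332 I=[2001:db8::25]:2525
(SSL_accept): (TLSv1.3)
2023-10-06 01:22:16 +0000 SMTP connection from scanner.example
[2001:db8::10]:50332 I=[2001:db8::25]:2525
closed by EOF
"""

STAMP = re.compile(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d [+-]\d{4} ")
PEER = r"(?:(?P<host>\S+) )?\[(?P<ip>[^\]]+)\]:(?P<port>\d+) "
TLS_ERR = re.compile("TLS error on connection from " + PEER
                     + r".*?\((?P<call>\w+)\): \((?P<label>[^)]*)\)")
CLOSED = re.compile("SMTP connection from " + PEER + ".*closed by EOF")

def records(text):
    """Rejoin log entries that were wrapped over several lines."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def handshake_failures(text):
    """One dict per TLS error, with seconds until the same peer port hit EOF."""
    pending, found = {}, []
    for rec in filter(STAMP.match, records(text)):
        when = datetime.strptime(rec[:25], "%Y-%m-%d %H:%M:%S %z")
        if m := TLS_ERR.search(rec):
            entry = {**m.groupdict(), "at": when, "eof_after": None}
            pending[m["ip"], m["port"]] = entry
            found.append(entry)
        elif (m := CLOSED.search(rec)) and (m["ip"], m["port"]) in pending:
            entry = pending.pop((m["ip"], m["port"]))
            entry["eof_after"] = (when - entry["at"]).total_seconds()
    return found
```

Grouping the returned entries by `ip` and `label` shows at a glance whether a burst of handshake failures comes from a single peer cycling through protocol versions.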