https://bugs.exim.org/show_bug.cgi?id=3035
--- Comment #1 from ivanov17 <ivanov17@???> ---
Example of current Exim behavior with OpenSSL 3.0:
2023-10-06 01:22:06 +0000 SMTP connection from
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50298 I=[fd0e:f254:e326:f344::b3]:2525
(TCP/IP connection count = 1)
2023-10-06 01:22:06 +0000 TLS error on connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50298 I=[fd0e:f254:e326:f344::b3]:2525
(SSL_accept): (TLSv1.1)
2023-10-06 01:22:06 +0000 SMTP connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50298 I=[fd0e:f254:e326:f344::b3]:2525
closed by EOF
2023-10-06 01:22:06 +0000 SMTP connection from
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50308 I=[fd0e:f254:e326:f344::b3]:2525
(TCP/IP connection count = 1)
2023-10-06 01:22:06 +0000 TLS error on connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50308 I=[fd0e:f254:e326:f344::b3]:2525
(SSL_accept): (TLSv1)
2023-10-06 01:22:06 +0000 SMTP connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50308 I=[fd0e:f254:e326:f344::b3]:2525
closed by EOF
2023-10-06 01:22:06 +0000 SMTP connection from
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50318 I=[fd0e:f254:e326:f344::b3]:2525
(TCP/IP connection count = 1)
2023-10-06 01:22:06 +0000 TLS error on connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50318 I=[fd0e:f254:e326:f344::b3]:2525
(SSL_accept): (SSLv3)
2023-10-06 01:22:06 +0000 SMTP connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50318 I=[fd0e:f254:e326:f344::b3]:2525
closed by EOF
2023-10-06 01:22:06 +0000 SMTP connection from
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50332 I=[fd0e:f254:e326:f344::b3]:2525
(TCP/IP connection count = 1)
2023-10-06 01:22:06 +0000 TLS error on connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50332 I=[fd0e:f254:e326:f344::b3]:2525
(SSL_accept): (TLSv1.3)
2023-10-06 01:22:16 +0000 SMTP connection from kamino.imirhil.fr
[2001:bc8:1200:4:208:a2ff:fe0c:67ea]:50332 I=[fd0e:f254:e326:f344::b3]:2525
closed by EOF
For more information, see the discussion on a similar PHP issue:
https://github.com/php/php-src/issues/8369
I think it would also be useful to support the
SSL_OP_ALLOW_CLIENT_RENEGOTIATION option, which enables client-initiated
renegotiation, since it is disabled by default. It seems it was also introduced
in Openssl 3.0.
See
https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_options.html#SSL_OP_ALLOW_CLIENT_RENEGOTIATION
If this option is enabled, any client-initiated renegotiation will use secure
renegotiation (or it will fail if the client does not support it).
See
https://github.com/openssl/openssl/issues/21207#issuecomment-1592526580
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/