[exim] Re: Issues with external servers using incorrect ssl …

Author: Cyborg
Date:  
To: exim-users
Subject: [exim] Re: Issues with external servers using incorrect ssl since around new years eve
Hi All,

On 05.01.24 at 11:26, Cyborg via Exim-users wrote:
> TLS error on connection from .....  (SSL_accept): error:0A0000C1:SSL
> routines::no shared cipher
>
> The interesting part is, the servers that now fail to supply a valid
> cipher could use TLS 1.2 with a correct TLS 1.2 cipher in mid December.
> After X-Mas they started to fail.
>


I dug deeper into it:

Exim(-> openssl) does not accept one specific TLS 1.2 cipher on incoming
connections anymore.
Fact checked with s_client .... -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384

All other servers, with the identical setup, package versions and
openssl config, do accept this.

I compared /etc/crypto-policies/back-ends/openssl*.config with working
servers with sha256sum. Identical.

I even reinstalled all crypto, exim and openssl packages. The problem
persists.

As if there is an additional config file for openssl, that is not in the
policies-path.

Stracing the running exim process does not reveal any useful system calls.

Does anyone have an idea?

System-Os: Fedora.

Best regards,
Marius

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
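
The s_client check described in the message, extended to every TLS 1.2 suite over SMTP STARTTLS, as an added example that is not part of the original post. HOST and PORT are placeholder assumptions and the function names are illustrative; run it from a host other than the affected one so the local client policy does not mask the result.

```shell
#!/bin/sh
# Added example: per-cipher TLS 1.2 probe of an SMTP listener.
# HOST and PORT are placeholders (assumptions), not values from the post.
HOST="${HOST:-mail.example.org}"
PORT="${PORT:-25}"

# Classify one s_client transcript read from stdin.
# s_client reports the negotiated suite on a line such as
#   New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
# and prints "(NONE)" in that position when the handshake failed.
# Prints "accepted <cipher>" (exit 0) or "rejected" (exit 1).
classify_handshake() {
    awk '
        /^New, / && /Cipher is / { c = $NF }
        END {
            if (c != "" && c != "(NONE)") { print "accepted " c; exit 0 }
            print "rejected"; exit 1
        }'
}

# Offer exactly one TLS 1.2 suite ($1) to the server and classify the result.
probe_cipher() {
    openssl s_client -connect "$HOST:$PORT" -starttls smtp \
        -tls1_2 -cipher "$1" </dev/null 2>&1 | classify_handshake
}

# Probe every TLS 1.2 suite the local OpenSSL is willing to offer.
# Names starting with TLS_ are TLS 1.3 suites and cannot be set with -cipher.
probe_all() {
    openssl ciphers -s -tls1_2 'DEFAULT' | tr ':' '\n' | grep -v '^TLS_' |
    while read -r c; do
        printf '%-34s %s\n' "$c" "$(probe_cipher "$c")"
    done
}

# Only touch the network when asked to: sh probe.sh --run
if [ "${1:-}" = "--run" ]; then
    probe_all
fi
```

Comparing the output for a working and a failing server shows whether only the one suite is refused or a whole class of suites.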