Hi All,
On 05.01.24 at 11:26, Cyborg via Exim-users wrote:
> TLS error on connection from ..... (SSL_accept): error:0A0000C1:SSL
> routines::no shared cipher
>
> The interesting part is, the server that now fails to supply a valid
> cipher could use TLS 1.2 with a correct TLS 1.2 cipher in mid-December.
> After X-Mas they started to fail.
>
I dug deeper into it:
Exim (-> openssl) does not accept one specific TLS 1.2 cipher on incoming
connections anymore.
Fact-checked with s_client .... -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384
All other servers, with the identical setup, package versions and
openssl config, do accept this.
I compared /etc/crypto-policies/back-ends/openssl*.config with working
servers with sha256sum: identical.
I even reinstalled all crypto, exim and openssl packages. The problem
persists.
It is as if there is an additional config file for openssl that is not in the
policies path.
Stracing the running exim process does not reveal any useful system calls.
Does anyone have an idea?
System OS: Fedora.
Best regards,
Marius