[exim] Re: exim don't speak to google any more!

Author: Viktor Dukhovni via Exim-users
Date:  
To: exim-users
Subject: [exim] Re: exim don't speak to google any more!
On Mon, Jul 29, 2024 at 09:25:21AM +0200, Francois Sauterey via Exim-users wrote:

> The response was :
>
> TLS Negotiation failed: FAILED_PRECONDITION: starttls error (71):
> 54099363978240:error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:third_party/openssl/boringssl/src/ssl/tls_record.cc:592:SSL alert number 40 ;
> 54099363978240:error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO:third_party/openssl/boringssl/src/ssl/handshake.cc:654:
>


The Google MTA is unable to establish a TLS handshake with your server,
which returns a fatal alert (40, often seen when there are no shared
ciphers between client and server) in response to Google's TLS Client
Hello.

    https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-6


The logs on your server might (should) show more detail than the bounce
report from Google.

It could well be that your server certificate does not match its public
key, or its RSA key size is too small for the security level you've
configured, or some similar footgun problem on your end.

-- 
    Viktor.
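
A check for two of the server-side causes suggested above (a certificate that does not match the server's key, an RSA key that is too small), as an added example that is not part of the original message. The function name `check_tls_pair`, its return codes and the 2048-bit default minimum are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the original message.
# Usage: check_tls_pair CERT.pem KEY.pem [MIN_RSA_BITS]
# MIN_RSA_BITS defaults to 2048 (an assumed policy; use your configured minimum).
# Returns: 0 = pair looks sane, 1 = certificate and key do not match,
#          2 = RSA key below the minimum, 3 = file missing or unparsable.
check_tls_pair() {
    local cert=$1 key=$2 min_bits=${3:-2048}
    local cert_pub key_pub text bits

    # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    # Public key derived from the private key, in the same encoding.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3

    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $cert was not issued for the key in $key"
        return 1
    fi

    # The size check applies to RSA only; other key types skip it.
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || return 3
    if printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
        bits=$(printf '%s\n' "$text" |
            sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
        if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
            echo "WEAK: RSA key is ${bits:-unknown} bits, minimum is $min_bits"
            return 2
        fi
    fi

    echo "OK: certificate matches key${bits:+ (RSA $bits bits)}"
    return 0
}

# Run the check when the script is called with a certificate and a key.
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

Point it at the files named by Exim's `tls_certificate` and `tls_privatekey` options, and read the key as the user Exim runs as so that file-permission problems surface too.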

