[exim-dev] [Bug 2034] ignore errors on connection close with…

Author: Exim Bugzilla
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2034] ignore errors on connection close without TLS shutdown
https://bugs.exim.org/show_bug.cgi?id=2034

Andreas Metzler <eximusers@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|TLS error on connection     |ignore errors on connection
                   |from ...                    |close without TLS shutdown
                   |(gnutls_handshake): The TLS |
                   |connection was non-properly |
                   |terminated.                 |
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |---


--- Comment #6 from Andreas Metzler <eximusers@???> ---
Hello,

this seems to come up again and again:
https://lists.exim.org/lurker/message/20240728.163150.a498bf57.html
https://lists.exim.org/lurker/message/20240313.192339.afc81f8f.html
https://lists.exim.org/lurker/message/20230912.115936.4ddc7991.html
https://lists.exim.org/lurker/message/20210118.153132.8a5021e9.de.html

The dominating e-mail providers seem to not bother with TLS shutdown and exim
logs an error (GnuTLS: The TLS connection was non-properly terminated /
OpenSSL: unexpected eof while reading).

Afaict nobody thinks the error message serves a real purpose:
Jeremy Harris:
| Google is violating standards, according to the OpenSSL library.
|
| Complain to them (and you'll be ignored, like the rest of us).


Viktor Dukhovni said postfix ignores the error since the possible truncation
attacks that this warning message warns about don't apply to SMTP and the
respective postfix code-path only does TLS for SMTP.

Assuming this (only SMTP TLS use) it probably would make sense to also set
SSL_OP_IGNORE_UNEXPECTED_EOF for OpenSSL and ignore
GNUTLS_E_PREMATURE_TERMINATION?

See https://github.com/hestiacp/hestiacp/issues/3781 for further information
and a suggested gnutls-patch.

Thanks for considering, cu Andreas

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
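
Added example, not part of the original message and not Exim or Postfix code: SMTP frames each message itself (DATA ends only at a line containing a lone "."), so a connection that closes without a TLS close_notify cannot cause a shortened message to be accepted. The state tracker below uses hypothetical names and constructed sample sessions to show how a receiver could classify such an EOF at the SMTP layer instead of logging every one as a TLS error.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical receiver-side SMTP state; names are not taken from Exim. */
enum smtp_phase { PH_COMMAND, PH_DATA, PH_AFTER_QUIT };
enum eof_verdict { EOF_BENIGN, EOF_MESSAGE_DISCARDED };

struct session {
    enum smtp_phase phase;
    int accepted;   /* messages completed by the lone "." line */
};

/* Feed one received line (CRLF stripped, commands upper-case in the samples). */
static void feed_line(struct session *s, const char *line)
{
    if (s->phase == PH_DATA) {
        /* Only the terminating "." commits a message; dot-stuffed "..x" does not. */
        if (strcmp(line, ".") == 0) { s->accepted++; s->phase = PH_COMMAND; }
    } else if (s->phase == PH_COMMAND) {
        if (strcmp(line, "DATA") == 0)      s->phase = PH_DATA;
        else if (strcmp(line, "QUIT") == 0) s->phase = PH_AFTER_QUIT;
    }
}

/* TCP closed with no close_notify: decide what that means for SMTP. */
static enum eof_verdict on_ragged_eof(const struct session *s)
{
    return s->phase == PH_DATA ? EOF_MESSAGE_DISCARDED : EOF_BENIGN;
}

/* Replay constructed lines, then simulate the abrupt close. */
enum eof_verdict replay(const char **lines, size_t n, int *accepted)
{
    struct session s = { PH_COMMAND, 0 };
    for (size_t i = 0; i < n; i++) feed_line(&s, lines[i]);
    *accepted = s.accepted;
    return on_ragged_eof(&s);
}

int main(void)
{
    /* Constructed sample sessions, not captured traffic. */
    const char *full[] = { "MAIL FROM:<a@example.org>", "RCPT TO:<b@example.net>",
                           "DATA", "Subject: test", "", "hello", ".", "QUIT" };
    const char *cut[]  = { "MAIL FROM:<a@example.org>", "RCPT TO:<b@example.net>",
                           "DATA", "Subject: test", "", "hel" };
    int n;
    printf("after QUIT: verdict=%d ", replay(full, 8, &n)); printf("accepted=%d\n", n);
    printf("mid-DATA:   verdict=%d ", replay(cut, 6, &n));  printf("accepted=%d\n", n);
    return 0;
}
```

Only the mid-DATA case loses anything, and there the incomplete message is never counted as accepted, which is the situation worth a log line.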