On 12/27/2013 03:39 PM, Viktor Dukhovni wrote:
On Fri, Dec 27, 2013 at 03:28:46PM -0600, Bobber wrote:
=== TLS started w/ cipher DES-CBC3-SHA
=== TLS peer subject DN="/C=US/ST=Missouri/L=Saint Louis/O=The
Lawrence Group/OU=IT/OU=Terms of use at www.verisign.com/rpa
(c)05/CN=mail.thelawrencegroup.com"
There's your problem! This server (likely Exchange 2003) has a
broken implementation of 3DES CBC padding (search Postfix users
archives for my posts on the subject), and your cipher list is
either long enough to cause it to not see RC4-SHA and RC4-MD5 or
you've disabled RC4 (directly, or by only enabling HIGH grade
ciphers).
Does Micro$oft have a fix for this?
--
Bob Wooldridge
Blog: http://kc0dxf.net/blog
