On 2021-06-01 Marcin Gryszkalis via Exim-users wrote:
[...]
> so I checked what is the difference between these two boxes - and finally
> found it - problematic exim uses EC certificate, while mail.fuze.pl uses (as
> you could see) RSA. The change was caused by
> switch of defaults in deydrated
On 31.05.2021 23:29, Viktor Dukhovni via Exim-users wrote:
I see, the version of OpenSSL may be relevant here.
Is the server in question "mail.fuze.pl"? On port 25 for that server I
This is not the server but It uses the same configuration and same
FreeBSD/openssl version - but as I tested
On Mon, May 31, 2021 at 11:19:23PM +0200, Marcin Gryszkalis via Exim-users
wrote:
> On 31.05.2021 22:59, Viktor Dukhovni via Exim-users wrote:
> >> I checked on exim built on FreeBSD 12 (with openssl 1.1) and it works fine
> >> - but fails on other installation with openssl 1.0.
> >
> > So
On 31.05.2021 22:59, Viktor Dukhovni via Exim-users wrote:
I checked on exim built on FreeBSD 12 (with openssl 1.1) and it works fine -
but fails on other installation with openssl 1.0.
So what version of FreeBSD and OpenSSL are on the system with the
reported issue? Support for negotiated
On Mon, May 31, 2021 at 11:08:22PM +0300, Evgeniy Berdnikov via Exim-users
wrote:
> > SSL-Session:
> > Protocol : TLSv1.2
> > Cipher: ECDHE-ECDSA-AES256-GCM-SHA384
> > Session-ID: ...
> > Session-ID-ctx:
> > Master-Key: ...
> > Key-Arg : None
> > PSK identity:
On Mon, May 31, 2021 at 04:42:55PM +0200, Marcin Gryszkalis via Exim-users
wrote:
> openssl s_client -connect 127.0.0.1:465 -tls1_2 -cipher
> ECDHE-ECDSA-AES256-GCM-SHA384
> But - I tried to specify the curve and it failed
>
> openssl s_client -connect 127.0.0.1:465 -tls1_2 -cipher
>
On Mon, May 31, 2021 at 04:42:55PM +0200, Marcin Gryszkalis via Exim-users
wrote:
> openssl s_client -connect 127.0.0.1:465 -tls1_2 -cipher
> ECDHE-ECDSA-AES256-GCM-SHA384
>
> SSL-Session:
> Protocol : TLSv1.2
> Cipher: ECDHE-ECDSA-AES256-GCM-SHA384
> Session-ID: ...
>
On 31/05/2021 13:27, Viktor Dukhovni via Exim-users wrote:
40884 SSL_accept: error in error
40884 SSL_accept: error in error
I haven't seen that one much. Perhaps an issue in the Exim OpenSSL glue
code.
Best guess is that is from an info callback into Exim from OpenSSL
( registered via
On 31/05/2021 12:44, Marcin Gryszkalis via Exim-users wrote:
extended_master_secret is not supported by exim
Exim supports it if the OpenSSL version (both compile-time
and run-time) supports it.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
##
On 31.05.2021 14:42, Cyborg via Exim-users wrote:
The client did not offer a cipher you have allowed.
But it's not true (see details in my reponse to Viktor's mail).
You can do various tests to find out with openssl's s_client:
with s_client I always succeed - eg. when I use first cipher
On 31.05.2021 14:27, Viktor Dukhovni via Exim-users wrote:
On Mon, May 31, 2021 at 01:44:39PM +0200, Marcin Gryszkalis via Exim-users
wrote:
exim's cipher list is wide
ALL:!EXPORT:!DES:!RC2:!RC4:!MD5:!PSK:!aNULL:!eNULL:!EXP:!SRP:!DSS:!DHE:!3DES
What is the reason for disabling DHE ciphers?
On Mon, May 31, 2021 at 01:44:39PM +0200, Marcin Gryszkalis via Exim-users
wrote:
> exim's cipher list is wide
> ALL:!EXPORT:!DES:!RC2:!RC4:!MD5:!PSK:!aNULL:!eNULL:!EXP:!SRP:!DSS:!DHE:!3DES
What is the reason for disabling DHE ciphers? And though in modern
OpenSSL releases there are no longer
Am 31.05.21 um 13:44 schrieb Marcin Gryszkalis via Exim-users:
Hi, I have problem with one server connecting to my exim.
Just after Client Hello server sends "Handshake Failure" and closes
connection.
exim's cipher list is wide
Hi, I have problem with one server connecting to my exim.
Just after Client Hello server sends "Handshake Failure" and closes
connection.
exim's cipher list is wide
ALL:!EXPORT:!DES:!RC2:!RC4:!MD5:!PSK:!aNULL:!eNULL:!EXP:!SRP:!DSS:!DHE:!3DES
and contains ciphers that are mentioned by client,
14 matches
Mail list logo