Bug#673924: marked as done (openssl: 0.9.8o-4squeeze13 update broke exim4 TLS connection to FastMail)

Tue, 22 May 2012 10:36:12 -0700 

Your message dated Tue, 22 May 2012 19:32:38 +0200
with message-id <[email protected]>
and subject line Re: [Pkg-openssl-devel] Bug#673924: Bug#673924: openssl: 
0.9.8o-4squeeze13 update broke exim4 TLS connection to FastMail
has caused the Debian Bug report #673924,
regarding openssl: 0.9.8o-4squeeze13 update broke exim4 TLS connection to 
FastMail
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
673924: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673924
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: openssl
Version: 0.9.8o-4squeeze13
Severity: normal


My exim4 server is configured to relay messages to FastMail as a
smarthost (using mail.messagingengine.com::587).

The day the openssl security update 0.9.8o-4squeeze13 was installed,
exim4 started failing to relay, logging:
  TLS error on connection to mail.messagingengine.com [66.111.4.52]
  (gnutls_handshake): The Diffie-Hellman prime sent by the server is not
  acceptable (not long enough).

It seems like some sort of default minimum acceptable key size must have
changed, or else FastMail changed something at the same time.  I can't
find any setting in exim4 to change this.

-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6                  2.11.3-3          Embedded GNU C Library: Shared lib
ii  libssl0.9.8            0.9.8o-4squeeze13 SSL shared libraries
ii  zlib1g                 1:1.2.3.4.dfsg-3  compression library - runtime

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates    20090814+nmu3squeeze1 Common CA certificates

-- no debconf information

--- End Message ---
--- Begin Message --- 
On Tue, May 22, 2012 at 10:25:02AM -0700, Kevin J. McCarthy wrote:
> Kurt Roeckx wrote:
> > Exim is using gnutls, not openssl ...
> 
> Hmmm... I don't see any updates to gnutls for a couple months.  That
> probably means FastMail did something then.  Thank you for your help!
> Please close this bug out.

Closing it.


Kurt

--- End Message ---

Reply via email to