On 2013-02-26 at 16:53 +0200, Warren Baker wrote: > On Mon, Feb 25, 2013 at 1:00 PM, Phil Pennock <[email protected]> wrote: > > > > Try adding in +no_tlsv1_1 and +no_tlsv1_2 -- if this fixes it, then it > > looks like MS bugs around the use of TLS1.1/TLS1.2. > > Thanks Phil, using +no_tlsv1_1 did the job. So a setting of > openssl_options = -all +no_tlsv1_1 is working fine and I havent seen > any problems for the last 12 hours or so. > When you refer to MS bugs around the use of TLS1.1/TLS1.2 are you > referring to MS exchange servers and Exim talking to them using TLS?
MS Exchange servers and interop with OpenSSL. *sigh* There's no good solution here going forward, other than to limit things to TLS1.0 (which has had a longer history to shake loose issues) unless and until there's a positive indication of the remote server supporting something better and doing it right. Perhaps something in the DANE/MX stuff. -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
