On 09/12/2022 10:33, Cyborg via Exim-users wrote:
> since Fedora switched to openssl 3 (3.0.5 atm) we encounter these messages:
>
> TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy renegotiation disabled

For SMTP/TLS? Involving Exim?

The message looks like a courtesy note only, saying "I'm no longer prepared to
TLS-renegotiate this sort of connection"; something that TLS endpoints have always
been permitted to do for any class of TLS connection, and not implying a fault.

> This is connected to a 2009 CVE against common SSL libs (nss, openssl etc.)
> using an insecure form of handshake.

CVE number?

> All faulty external mailservers have in common that they are not up to date, as
> they at least do not offer TLS 1.3 encryption.
> One was even TLS 1.0 only ..

I'm unclear what you're saying here.

> The question "if OpenSSL 3 is buggy or not" is under investigation atm.

I'm not sure why you think it is.

> There is a workaround for the issue

What issue?
--
Cheers,
Jeremy