Hello,

I experience a strange issue with Exim (4.80), GnuTLS 2.12.20 on "my" side
and outlook.com on the other side.
Exim+GnuTLS are running as a server. Outlook.com is configured to send
via authenticated SMTP via my server. They try to establish a
connection to port 587 and fail right after "change cipher spec" and
"encrypted handshake message".
I'll append a pcap file, in case somebody can get more information from
this.
Exim uses (IMHO) default settings when initializing the GnuTLS library.
A recent Exim version (4.88) doesn't change the behaviour. But if I
exchange GnuTLS for OpenSSL the issue goes away.
Is there any way to configure (priority string?) GnuTLS for
interoperability with outlook.com?
Some observations from Exim debugging:
GnuTLS using default session cipher/priority "NORMAL"
cipher: TLS1.2:RSA_AES_256_CBC_SHA256:256
followed by a connection drop (outlook.com sends FIN).
Working connections from outlook.com use ECDHE-RSA-AES256-GCM-SHA384
when I have OpenSSL on my side.
Any hint is appreciated. Does Exim need to do something when
initializing the GnuTLS library? (I'm asking as an Exim developer.)
Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
