https://bugs.exim.org/show_bug.cgi?id=2255

            Bug ID: 2255
           Summary: TLS/SSL issue after upgrading to 4.90
           Product: Exim
           Version: 4.90
          Hardware: x86
                OS: FreeBSD
            Status: NEW
          Severity: bug
          Priority: medium
         Component: TLS
          Assignee: jgh146...@wizmail.org
          Reporter: exim....@mx.zzux.com
                CC: exim-dev@exim.org

After upgrading Exim to 4.90_1, Outlook Express cannot send on the first attempt
(neither via TLS nor via SSL).
An immediate second attempt is always successful.
This issue appears only when OE is first connected to an IMAPS server with the
same hostname as Exim.
Maybe OE is using some cached data which Exim rejects?
If I downgrade to 4.89, the error disappears.


First attempt log:
15:45:27.695  6120 SMTP<< STARTTLS
15:45:27.695  6120 setting SSL CTX options: 0x1104000
15:45:27.695  6120 Diffie-Hellman initialized from default with 2048-bit prime
15:45:27.695  6120 ECDH OpenSSL 1.0.2+ temp key parameter settings: autoselection
15:45:27.695  6120 tls_certificate file /data/mail//ssl/exim.crt
15:45:27.695  6120 tls_privatekey file /data/mail//ssl/exim.key
15:45:27.695  6120 Initialized TLS
15:45:27.695  6120 host in tls_verify_hosts? no (option unset)
15:45:27.695  6120 host in tls_try_verify_hosts? no (option unset)
15:45:27.695  6120 SMTP>> 220 TLS go ahead
15:45:27.696  6120 Calling SSL_accept
15:45:27.696  6120 SSL info: before/accept initialization
15:45:27.696  6120 SSL info: before/accept initialization
15:45:27.696  6120 SSL info: SSLv3 read client hello A
15:45:27.696  6120 SSL info: SSLv3 write server hello A
15:45:27.696  6120 SSL info: SSLv3 write certificate A
15:45:27.696  6120 SSL info: SSLv3 write server done A
15:45:27.696  6120 SSL info: SSLv3 flush data
15:45:27.696  6120 SSL info: SSLv3 read client certificate A
15:45:27.703  6120 SSL info: SSLv3 read client key exchange A
15:45:27.703  6120 LOG: MAIN
15:45:27.703  6120   TLS error on connection from (oemail121231) [192.168.232.195]:2015 I=[192.168.232.244]:587 (SSL_accept): error:00000000:lib(0):func(0):reason(0)


Successful attempt log:
15:48:04.336  6140 SMTP<< STARTTLS
15:48:04.337  6140 setting SSL CTX options: 0x1104000
15:48:04.337  6140 Diffie-Hellman initialized from default with 2048-bit prime
15:48:04.337  6140 ECDH OpenSSL 1.0.2+ temp key parameter settings: autoselection
15:48:04.337  6140 tls_certificate file /data/mail//ssl/exim.crt
15:48:04.337  6140 tls_privatekey file /data/mail//ssl/exim.key
15:48:04.337  6140 Initialized TLS
15:48:04.337  6140 host in tls_verify_hosts? no (option unset)
15:48:04.337  6140 host in tls_try_verify_hosts? no (option unset)
15:48:04.337  6140 SMTP>> 220 TLS go ahead
15:48:04.337  6140 Calling SSL_accept
15:48:04.337  6140 SSL info: before/accept initialization
15:48:04.337  6140 SSL info: before/accept initialization
15:48:04.338  6140 SSL info: SSLv3 read client hello A
15:48:04.338  6140 SSL info: SSLv3 write server hello A
15:48:04.338  6140 SSL info: SSLv3 write certificate A
15:48:04.338  6140 SSL info: SSLv3 write server done A
15:48:04.339  6140 SSL info: SSLv3 flush data
15:48:04.339  6140 SSL info: SSLv3 read client certificate A
15:48:04.384  6140 SSL info: SSLv3 read client key exchange A
15:48:04.384  6140 SSL info: SSLv3 read certificate verify A
15:48:04.384  6140 SSL info: SSLv3 read finished A
15:48:04.384  6140 SSL info: SSLv3 write change cipher spec A
15:48:04.384  6140 SSL info: SSLv3 write finished A
15:48:04.384  6140 SSL info: SSLv3 flush data
15:48:04.384  6140 SSL info: SSL negotiation finished successfully
15:48:04.384  6140 SSL info: SSL negotiation finished successfully
15:48:04.384  6140 SSL_accept was successful
15:48:04.384  6140 Cipher: TLSv1:RC4-MD5:128
15:48:04.384  6140 Shared ciphers: RC4-MD5:RC4-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA
15:48:04.384  6140 sender_fullhost = [192.168.232.195]:2017
15:48:04.384  6140 sender_rcvhost = [192.168.232.195] (port=2017)
15:48:04.384  6140 set_process_info:  6140 handling incoming TLS connection from [192.168.232.195]:2017 I=[192.168.232.244]:587
15:48:04.384  6140 TLS active
15:48:04.384  6140 Calling SSL_read(0x28840600, 0x28845000, 4096)
15:48:04.385  6140 SMTP<< EHLO oemail121231
