https://bugs.exim.org/show_bug.cgi?id=2255
Jeremy Harris changed:
What|Removed |Added
Status|ASSIGNED|RESOLVED
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #29 from Serg ---
Just for feedback,
Last changes in tls-openssl.c (Comment 27) was successfully for us.
Problems with our client-soft was solved.
Thank you for all your work.
--
You are receiving this mail because:
You
https://bugs.exim.org/show_bug.cgi?id=2255
Marcin Gryszkalis changed:
What|Removed |Added
CC||m...@fork.pl
--- Comment #28
https://bugs.exim.org/show_bug.cgi?id=2255
Git Commit changed:
What|Removed |Added
CC||g...@exim.org
--- Comment #27 from
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #26 from exim@mx.zzux.com ---
As I see, there is four ways to avoid send error:
1 Stop using SSL/TLS at all :)
2 Set different hostnames for IMAP and SMTP
3 Change client software
4 Remove code part as described
> On Apr 4, 2018, at 2:35 PM, admin--- via Exim-dev wrote:
>
> We are ready to attach any dumps of exim debug or wireshark if it's necessary.
A "tshark" decode of the TLS handshake (text is better than screenshots) would
be most useful, one where the session cache mode is
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #25 from Serg ---
I agree, but at this moment they are stopped supporting of substantial part of
their mail-clients (like Outlook Express, Windows Live 2009,2012, MS Office
Outlook 2003, 2007). Thats will be their answer i
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #24 from Jeremy Harris ---
I guess the other question that ought to be asked is: has the problem been
described to Microsoft, and what answer did they give?
--
You are receiving this mail because:
You are on the CC
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #23 from Serg ---
Yes, of course, we saw the difference between "old" and "new" version of
tls-openssl.c.
Patch replace line
"(void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);"
to this construction:
#ifdef
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #22 from Phil Pennock ---
But the patch removes that line, so if you applied the patch then that line is
no longer present.
The patch replaces that line with one which leaves session cache negotiation
enabled (AIUI) but
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #21 from Serg ---
P.S. The method which is described in Comment 13 -
removing line of disabling session cache from tls-openssl.c:
"(void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); "
in our case was
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #20 from Serg ---
Thanks for feedback (and for all another work) to developers.
Hurry to talk about our results.
Sadly, but in our case we don,t get a progress in problem decision.
Steps on CentOS 7.4:
1. Download sources
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #19 from Phil Pennock ---
Patch looks sane to me. Folks who have experienced problems: can you please
try this patch and report back as to whether or not it addresses the problems?
--
You are receiving this mail because:
https://bugs.exim.org/show_bug.cgi?id=2255
Jeremy Harris changed:
What|Removed |Added
Status|NEW |ASSIGNED
--
You are
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #18 from Jeremy Harris ---
Created attachment 1080
--> https://bugs.exim.org/attachment.cgi?id=1080=edit
set no internal session cache
--
You are receiving this mail because:
You are on the CC list for the bug.
--
https://bugs.exim.org/show_bug.cgi?id=2255
Phil Pennock changed:
What|Removed |Added
CC||p...@exim.org
--- Comment #16
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #17 from Phil Pennock ---
Re forward secrecy: we don't support configuring an encryption key for session
tickets, so it's all going to be session caching. If we disable use of the
internal session store, and don't configure
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #15 from Jeremy Harris ---
Background: the coding in Exim was changed as a result of this conversation:
https://lists.exim.org/lurker/message/20170329.184757.37924032.en.html
--
You are receiving this mail because:
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #14 from Jeremy Harris ---
(In reply to Serg from comment #13)
> So, which ways we have now?
Try to find out how to tell Outlook not to try to use session caching against
the SMTP target (more particularly, not to
https://bugs.exim.org/show_bug.cgi?id=2255
Serg changed:
What|Removed |Added
CC||s8...@yandex.ru
--- Comment #13 from
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #12 from exim@mx.zzux.com ---
I have removed next lines
/* Disable session cache unconditionally */
(void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
of file 'tls-openssl.c' and then Exim was recompiled.
It was solved
> On Mar 13, 2018, at 12:55 PM, admin--- via Exim-dev wrote:
>
> You would have to set NO_TICKET on the IMAP server, not
> Exim.
>
> What you could try, although I do not know whether it works,
> is to set -no_ticket in Exim, thus disabling the disabling of
> tickets.
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #11 from exim@mx.zzux.com ---
A day before writing this topic I was trying various combinations of
"openssl_options" in Exim config, most of them were with no effect except few
of them, when SSL/TLS was unavailable at all.
Now I've added
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #10 from Thorsten ---
You would have to set NO_TICKET on the IMAP server, not
Exim.
What you could try, although I do not know whether it works,
is to set -no_ticket in Exim, thus disabling the disabling of
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #8 from Jeremy Harris ---
Also, given comment 5, you could try setting a nondefault openssl_options.
Before 7006ee24ec it was "+no_sslv2 +single_dh_use".
After: "+no_sslv2 +single_dh_use +no_ticket"
--
You are
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #7 from Jeremy Harris ---
It might be a good idea to ask the OpenSSL mailing list:
openssl-users.openssl.org
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at
https://bugs.exim.org/show_bug.cgi?id=2255
tomputer changed:
What|Removed |Added
CC||e...@tomputer.nl
--- Comment #6
https://bugs.exim.org/show_bug.cgi?id=2255
Thorsten changed:
What|Removed |Added
CC||thorsten.ha...@freenet.ag
> On Mar 12, 2018, at 2:03 PM, admin--- via Exim-dev wrote:
>
> I was found differences between failure and success on 4.90_1 and 4.89.
> But I'm absolutely puzzled how to copy readable packet description from
> Wireshark to clipboard.
There's an example of how to do this
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #4 from exim@mx.zzux.com ---
I was found differences between failure and success on 4.90_1 and 4.89.
But I'm absolutely puzzled how to copy readable packet description from
Wireshark to clipboard.
Exim 4.90 is missing SessionId in server
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #3 from Jeremy Harris ---
Either side is fine for this.
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #2 from exim@mx.zzux.com ---
The both logs are on 4.90_1.
Where I must to catch traffic with Wireshark - on the Windows side?
--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at
https://bugs.exim.org/show_bug.cgi?id=2255
--- Comment #1 from Jeremy Harris ---
We don't have particularly good insight into what the SSL libraries do
(though I'm concerned that you managed to negotiate such a weak cipher).
Was the working conn you show using 4.89 or
33 matches
Mail list logo