[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 Jeremy Harrischanged: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED --- Comment #30 from Jeremy Harris --- Closing given comment 29. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #29 from Serg--- Just for feedback, Last changes in tls-openssl.c (Comment 27) was successfully for us. Problems with our client-soft was solved. Thank you for all your work. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 Marcin Gryszkalischanged: What|Removed |Added CC||m...@fork.pl --- Comment #28 from Marcin Gryszkalis --- Side note: It's possible to disable session cache on windows side for SCHANNEL based appliactions: https://support.microsoft.com/en-us/help/247658/how-to-configure-secure-sockets-layer-server-and-client-cache-elements but Outlook (not sure about Outlook Express/Live Mail) uses WinHttp: https://blogs.technet.microsoft.com/schrimsher/2016/07/08/enabling-tls-1-1-and-1-2-in-outlook-on-windows-7/ and I couldn't find any option for tls session cache. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 Git Commitchanged: What|Removed |Added CC||g...@exim.org --- Comment #27 from Git Commit --- Git commit: https://git.exim.org/exim.git/commitdiff/a28050f855e0011e0b6f1b395d65e3cebcb277a2 commit a28050f855e0011e0b6f1b395d65e3cebcb277a2 Author: Jeremy Harris AuthorDate: Sun Apr 8 22:45:39 2018 +0100 Commit: Jeremy Harris CommitDate: Sun Apr 8 22:50:49 2018 +0100 OpenSSL: Revert the disabling of the session-cache. Bug 2255 Session cacheing is never useful, as we use a new context for every TLS startup. However, removing the support triggers odd behaviour from Outlook Express (only when there is an IMAP server on the same machine as Exim): an initial connect from the OE client fails, the immediate retry works. --- doc/doc-txt/ChangeLog | 3 +++ src/src/tls-openssl.c | 10 -- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 903840a..5e9d2af 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -200,6 +200,9 @@ JH/36 Fix reinitialisation of DKIM logging variable between messages. Previously it was possible to log spurious information in receive log lines. +JH/37 Bug 2255: Revert the disable of the OpenSSL session caching. This + triggered odd behaviour from Outlook Express clients. + Exim version 4.90 - diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index c142bd0..bfdfe21 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -1601,9 +1601,15 @@ if (init_options) else DEBUG(D_tls) debug_printf("no SSL CTX options to set\n"); -/* Disable session cache unconditionally */ - +/* We'd like to disable session cache unconditionally, but foolish Outlook +Express clients then give up the first TLS connection and make a second one +(which works). Only when there is an IMAP service on the same machine. +Presumably OE is trying to use the cache for A on B. Leave it enabled for +now, until we work out a decent way of presenting control to the config. It +will never be used because we use a new context every time. */ +#ifdef notdef (void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); +#endif /* Initialize with DH parameters if supplied */ /* Initialize ECDH temp key parameter selection */ -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #26 from exim@mx.zzux.com --- As I see, there is four ways to avoid send error: 1 Stop using SSL/TLS at all :) 2 Set different hostnames for IMAP and SMTP 3 Change client software 4 Remove code part as described https://bugs.exim.org/show_bug.cgi?id=2255#c12 (This two lines of code I found as only suspicious addition in compare with same file of 4.89) Methods 1-3 requires manual intervention to client devices -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
Re: [exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
> On Apr 4, 2018, at 2:35 PM, admin--- via Exim-devwrote: > > We are ready to attach any dumps of exim debug or wireshark if it's necessary. A "tshark" decode of the TLS handshake (text is better than screenshots) would be most useful, one where the session cache mode is per the upstream patch, and another where it is left at the default (the code setting the mode is removed). Capture a PCAP file of the traffic with: # port=587 # (or 465 as appropriate) # tcpdump -s0 -w /some/file tcp port $port ... hit control-C when you think you've captured enough relevant traffic... and post the decode for a single session from: $ tshark -r /some/file -d tcp.port==$port,ssl -V | sed -ne '/^Secure Sockets Layer/,/^$/p' You can pre-filter the PCAP file to extract just the data for a particular client session by IP and/or client TCP port: # tcpdump -s0 -r /some/file -w /some/other-file tcp port $client_port and host $client_ip # tcpdump -s0 -r /some/file -w /some/other-file tcp port $client_port # tcpdump -s0 -r /some/file -w /some/other-file host $client_ip then run tshark reading from "/some/other-file". -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #25 from Serg--- I agree, but at this moment they are stopped supporting of substantial part of their mail-clients (like Outlook Express, Windows Live 2009,2012, MS Office Outlook 2003, 2007). Thats will be their answer i think - pay for new) In any case, this remains OUR problem. Change all client's soft or keep old version of SMTP-server. Hard choice -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #24 from Jeremy Harris--- I guess the other question that ought to be asked is: has the problem been described to Microsoft, and what answer did they give? -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #23 from Serg--- Yes, of course, we saw the difference between "old" and "new" version of tls-openssl.c. Patch replace line "(void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);" to this construction: #ifdef SSL_SESS_CACHE_NO_INTERNAL (void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_NO_INTERNAL); #endif And we recompile Exim with this new construction in sources. But we don't see any difference in Exim's behavior after that. Same errors in the exim's debug output (exim -d-all+tls -bd) like in Description comment. And same errors on the client-side during first attempting to set TLS-connection. We are ready to attach any dumps of exim debug or wireshark if it's necessary. In P.S i wrote about our attemt making little "homemade" patch which remove source line "(void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);" and nothing add instead it. It allow our clients set first connection normal. But its wrong way we thought. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #22 from Phil Pennock--- But the patch removes that line, so if you applied the patch then that line is no longer present. The patch replaces that line with one which leaves session cache negotiation enabled (AIUI) but suppresses storing details. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #21 from Serg--- P.S. The method which is described in Comment 13 - removing line of disabling session cache from tls-openssl.c: "(void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); " in our case was successfull too. Thats allow to Outlook set TLS connection on the first attempt. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #20 from Serg--- Thanks for feedback (and for all another work) to developers. Hurry to talk about our results. Sadly, but in our case we don,t get a progress in problem decision. Steps on CentOS 7.4: 1. Download sources of Exim 4.90.1-3 2. Download a patch session-cache.patch (1118 bytes) 3. Put the patch-file in ~/rpmbuild/SOURCES 4. Change the SPEC-file in ~/rpmbuild/SPECS for processing new patch. 5. Build new RPM of Exim. 6. Check sources (~/rpmbuild/BUILD/exim-4.90.1/src/tls-openssl.c). Changes added by patch was applied. 7. Install recompiled Exim. Nothing changes. First TLS connection is broken (with TLS error on connection from (companygate) [111.111.111.111] I=[192.168.1.2]:465 (SSL_accept): error::lib(0):func(0):reason(0)), second - works normal. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #19 from Phil Pennock--- Patch looks sane to me. Folks who have experienced problems: can you please try this patch and report back as to whether or not it addresses the problems? -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 Jeremy Harrischanged: What|Removed |Added Status|NEW |ASSIGNED -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #18 from Jeremy Harris--- Created attachment 1080 --> https://bugs.exim.org/attachment.cgi?id=1080=edit set no internal session cache -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 Phil Pennockchanged: What|Removed |Added CC||p...@exim.org --- Comment #16 from Phil Pennock --- I think we should seriously consider backing out that change. while Viktor is right that it's best to not have clients spend bandwidth on session caching stuff, it's a client-exposed protocol-level change, which means that clients which _demand_ session caching see a difference. The variance in amount of traffic is fairly minimal, not worth the disruption IMO. We might consider SSL_CTX_set_session_cache_mode(SSL_SESS_CACHE_NO_INTERNAL) instead, to just not try to save or look up session cache stuff, but I don't feel like digging into how portable that is across OpenSSL versions. We're optimizing session start-up, in SMTP (which is store-and-forward, not interactive) at the expense of client compatibility, even if it is dodgy clients. Unless and until there's a security issue disclosed with even offering session resumption, let's allow it? -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #17 from Phil Pennock--- Re forward secrecy: we don't support configuring an encryption key for session tickets, so it's all going to be session caching. If we disable use of the internal session store, and don't configure an external session store, then there's no compromise of FS because we're not storing anything which can be used to reconstruct sessions. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #15 from Jeremy Harris--- Background: the coding in Exim was changed as a result of this conversation: https://lists.exim.org/lurker/message/20170329.184757.37924032.en.html -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #14 from Jeremy Harris--- (In reply to Serg from comment #13) > So, which ways we have now? Try to find out how to tell Outlook not to try to use session caching against the SMTP target (more particularly, not to assume that the _same_ session that it had against the IMAP target is valid for the SMTP target). Try to find out how to tell Outlook to not use session caching at all. Try disabling session-caching on the IMAP provider. Warning: using session caching compromises Forward Secrecy, if I understand correctly. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 Sergchanged: What|Removed |Added CC||s8...@yandex.ru --- Comment #13 from Serg --- Hi, We are also have the same problem after upgrading from 4.84 to 4.90. So, which ways we have now? Manually rebuild exim from sources ([url]https://bugs.exim.org/show_bug.cgi?id=2255#c12[/url])? -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #12 from exim@mx.zzux.com --- I have removed next lines /* Disable session cache unconditionally */ (void) SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); of file 'tls-openssl.c' and then Exim was recompiled. It was solved this issue. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
Re: [exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
> On Mar 13, 2018, at 12:55 PM, admin--- via Exim-devwrote: > > You would have to set NO_TICKET on the IMAP server, not > Exim. > > What you could try, although I do not know whether it works, > is to set -no_ticket in Exim, thus disabling the disabling of > tickets. Hopefully the effect is that Exim will hand out tickets. > Those will never match the ones carried over from IMAP and Exim > does not offer resume anyway, so no harm done. It might not do > anything at all, since NO_TICKET is hardcoded into the Exim sources. Based on this thread, it sounds to me like Outlook expects the *same* ticket (or more generally resumable session) to work across both IMAP and SMTP submission. If so, then if IMAP session caching is enabled, no matter how you configure Exim, you can't win, because the IMAP server and SMTP server don't have an integrated shared session cache! The only "solution" is for both IMAP and submission to not offer session resumption. Mind you, if the submission client just reconnects to negotiate a new session, rather that continue with a full handshake, and this is all transparent to the user, then apart from some noise in the logs this is completely harmless, and you could just leave it the way it is with IMAP sessions cached (users read a lot more mail then the send). -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #11 from exim@mx.zzux.com --- A day before writing this topic I was trying various combinations of "openssl_options" in Exim config, most of them were with no effect except few of them, when SSL/TLS was unavailable at all. Now I've added ssl_options = no_ticket to Dovecot config, nothing's changed. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #10 from Thorsten--- You would have to set NO_TICKET on the IMAP server, not Exim. What you could try, although I do not know whether it works, is to set -no_ticket in Exim, thus disabling the disabling of tickets. Hopefully the effect is that Exim will hand out tickets. Those will never match the ones carried over from IMAP and Exim does not offer resume anyway, so no harm done. It might not do anything at all, since NO_TICKET is hardcoded into the Exim sources. Best regards, Thorsten -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #8 from Jeremy Harris--- Also, given comment 5, you could try setting a nondefault openssl_options. Before 7006ee24ec it was "+no_sslv2 +single_dh_use". After: "+no_sslv2 +single_dh_use +no_ticket" -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #7 from Jeremy Harris--- It might be a good idea to ask the OpenSSL mailing list: openssl-users.openssl.org -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 tomputerchanged: What|Removed |Added CC||e...@tomputer.nl --- Comment #6 from tomputer --- Hi, We are also experiencing the same problem after upgrading from 4.89 to 4.90. Software versions are: - Microsoft Outlook 2016 MSO (16.0.9029.2106) - Exim version 4.90_1 The workaround with different server names for incoming and outgoing servers works. It looks like the client caches something (TLS session?) for the server name, either from the incoming our outoing connection. We are not able to reproduce this with Swaks (Debian) or Apple Mail (macOS and iOS) so it may be a Windows/Outlook specific issue. Exim debug log (real names and IP's are masked): 9919 SMTP>> 250-server.example.com Hello customer.direct-adsl.nl [11.11.11.11] 9919 250-SIZE 52428800 9919 250-8BITMIME 9919 250-PIPELINING 9919 250-AUTH PLAIN LOGIN 9919 250-STARTTLS 9919 250 HELP 9919 SMTP<< STARTTLS 9919 openssl option, adding from 1104000: 100 (no_sslv2 +no_sslv3) 9919 openssl option, adding from 1104000: 200 (no_sslv3) 9919 setting SSL CTX options: 0x3104000 9919 Diffie-Hellman initialized from default with 2048-bit prime 9919 ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding "auto" with "prime256v1" 9919 ECDH: curve 'prime256v1' 9919 ECDH: enabled 'prime256v1' curve 9919 tls_certificate file /etc/exim.pem 9919 tls_privatekey file /etc/exim.pem 9919 Initialized TLS 9919 required ciphers: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-$ 9919 host in tls_verify_hosts? no (option unset) 9919 host in tls_try_verify_hosts? no (option unset) 9919 SMTP>> 220 TLS go ahead 9919 Calling SSL_accept 9919 SSL info: before/accept initialization 9919 SSL info: before/accept initialization 9919 Received TLS SNI "server.example.com" (unused for certificate selection) 9919 SSL info: SSLv3 read client hello A 9919 SSL info: SSLv3 write server hello A 9919 SSL info: SSLv3 write certificate A 9919 SSL info: SSLv3 write server done A 9919 SSL info: SSLv3 flush data 9919 SSL info: SSLv3 read client certificate A 9919 LOG: MAIN 9919 TLS error on connection from customer.direct-adsl.nl (PC) [11.11.11.11] (SSL_accept): error::lib(0):func(0):reason(0) 9919 TLS failed to start 9919 LOG: smtp_connection MAIN 9919 SMTP connection from customer.direct-adsl.nl (PC) [11.11.11.11] closed by EOF 9919 search_tidyup called 9919 SMTP>>(close on process exit) -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 Thorstenchanged: What|Removed |Added CC||thorsten.ha...@freenet.ag --- Comment #5 from Thorsten --- Hi, we are experiencing the same problem. The detail about the previous IMAP connection in this bug report allowed us to develop a workaround. Notice that the changelog mentions that SSL tickets were disabled in Exim 4.90. Conclusion must be that Outlook get confused and terminates the SSL connection if it has a ticket from IMAP, but on subsequent SMTP is offered none with an empty session ID. We disabled SSL sessions[1] on our SSL termination layer and were able to send mails through Outlook. It remains to determine whether Outlook or Exim is the guilty party. Best regards, Thorsten [1] Add NO_TICKET to context options and set session id to NULL -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
Re: [exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
> On Mar 12, 2018, at 2:03 PM, admin--- via Exim-devwrote: > > I was found differences between failure and success on 4.90_1 and 4.89. > But I'm absolutely puzzled how to copy readable packet description from > Wireshark to clipboard. There's an example of how to do this with tshark in: https://mta.openssl.org/pipermail/openssl-users/2017-April/005624.html -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #4 from exim@mx.zzux.com --- I was found differences between failure and success on 4.90_1 and 4.89. But I'm absolutely puzzled how to copy readable packet description from Wireshark to clipboard. Exim 4.90 is missing SessionId in server hello. First attempt client hello to server, both 4.89 & 4.90: https://paste.pics/8aacf762bc610c80690e747ab5842d5b Bad exim4.90 server hello (OE drops connection immediately after it): https://paste.pics/904ec493df1e26fa57069ac5082861f7 Good exim4.89 server hello: https://paste.pics/db740b25ba74f7e76c89cd0f5ab02346 Second attempt client hello to 4.90 https://paste.pics/e0b693acc7d13f7f6273fd84b7f00750 Good exim4.90 server hello: https://paste.pics/ee88288cc7a3d64b788d66fe8dbb1cff -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #3 from Jeremy Harris--- Either side is fine for this. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #2 from exim@mx.zzux.com --- The both logs are on 4.90_1. Where I must to catch traffic with Wireshark - on the Windows side? -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2255] TLS/SSL issue after upgading to 4.90
https://bugs.exim.org/show_bug.cgi?id=2255 --- Comment #1 from Jeremy Harris--- We don't have particularly good insight into what the SSL libraries do (though I'm concerned that you managed to negotiate such a weak cipher). Was the working conn you show using 4.89 or 4.90.1 ? Can you get packet captures on 4.90.1 for both the failing and working connects, and look for differences at the SSL level using Wireshark? -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##