https://bugs.exim.org/show_bug.cgi?id=2372

Bug ID: 2372
Summary: GnuTLS 1.3 and no client cert, required by server, fails to retry in clear
Product: Exim
Version: 4.91
Hardware: All
OS: Linux
Status: NEW
Severity: bug
Priority: high
Component: TLS
Assignee: jgh146...@wizmail.org
Reporter: jgh146...@wizmail.org
CC: exim-dev@exim.org

Possibly associated with late-verification of cert on server; the TLS handshake succeeds and the client does not see an error until the first data read, for the (crypted) EHLO-response.

This is treated as a dataphase error during TLS, not as a TLS handshake failure, and the message is queued for retry. We expect the retries to fail the same way.

Seen with GnuTLS 3.6.5 on f29, which is about the earliest TLS1.3-capable version.

Workaround:

    tls_require_ciphers = NORMAL:-VERS-TLS1.3