Re: [exim] TLS problems of late

2013-03-12 Thread Warren Baker
On Fri, Mar 8, 2013 at 1:27 AM, Phil Pennock p...@exim.org wrote: Might not be MS. It looks like OpenSSL's AES-NI problems may be ongoing, and there's a Debian bug which looks suspiciously similar, and has led to an openssl-dev discussion:

Re: [exim] TLS problems of late

2013-03-09 Thread Bernd Kuhls
Hi, David Woodhouse dw...@infradead.org wrote in news:1362749775.32099.77.ca...@i7.infradead.org: On Thu, 2013-03-07 at 18:27 -0500, Phil Pennock wrote: If you get a chance, could you try running an Exim which does *not* disable any TLS protocols, but export into

Re: [exim] TLS problems of late

2013-03-09 Thread Phil Pennock
On 2013-03-08 at 20:51 +0100, Bernd Kuhls wrote: this does not solve the problem here. Only by re-adding openssl_options = -all +no_tlsv1_1 I can send mails via smtp.live.com. Okay, that's a data point which just confirms previous assertions that Microsoft's TLS1.1 implementation might be

Re: [exim] TLS problems of late

2013-03-08 Thread David Woodhouse
On Thu, 2013-03-07 at 18:27 -0500, Phil Pennock wrote: If you get a chance, could you try running an Exim which does *not* disable any TLS protocols, but export into its environ at startup: OPENSSL_ia32cap=~0x202 ? My knowledge of the special OpenSSL capabilities

Re: [exim] TLS problems of late

2013-03-07 Thread Phil Pennock
On 2013-02-26 at 16:53 +0200, Warren Baker wrote: Thanks Phil, using +no_tlsv1_1 did the job. So a setting of openssl_options = -all +no_tlsv1_1 is working fine and I haven't seen any problems for the last 12 hours or so. When you refer to MS bugs around the use of TLS1.1/TLS1.2 are you
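Added example (my own code, not the Exim project's and not anything posted in this thread): a small Python probe that reproduces the diagnosis the thread converges on. It pins a client to one TLS version at a time, completes STARTTLS, and then sends EHLO again, because the symptom reported here is that the handshake finishes and the remote closes the connection straight afterwards, which a handshake-only check would miss. From the per-version results it prints the `+no_tlsv1_*` tokens to add to `openssl_options`. Host and port are command-line arguments; the token spelling (`no_tlsv1`, `no_tlsv1_1`, `no_tlsv1_2`) assumes Exim's lower-cased SSL_OP_* names as used in the thread; `@SECLEVEL=0` is only there so newer OpenSSL builds will still offer TLS 1.0/1.1 for the test.

```python
"""Probe an SMTP server's STARTTLS behaviour one TLS version at a time.

Added example, not code from Exim or from anyone on the list. Pins the client
to a single protocol version, completes STARTTLS, then issues a second EHLO,
because the reported failure is "handshake OK, remote closes immediately".
"""
import smtplib
import ssl
import sys

# Display name -> (ssl.TLSVersion, Exim openssl_options token).
# Assumption: Exim spells SSL_OP_NO_TLSv1_1 as no_tlsv1_1 (as in the thread).
VERSIONS = {
    "TLSv1":   (ssl.TLSVersion.TLSv1,   "no_tlsv1"),
    "TLSv1.1": (ssl.TLSVersion.TLSv1_1, "no_tlsv1_1"),
    "TLSv1.2": (ssl.TLSVersion.TLSv1_2, "no_tlsv1_2"),
}


def pinned_context(version):
    """Client context that will negotiate exactly `version` and nothing else."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False     # diagnostic only: we are not trusting the peer
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        # Modern OpenSSL refuses TLS 1.0/1.1 at the default security level.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass                        # LibreSSL etc.: keep the default cipher list
    return ctx


def probe(host, port, version, timeout=15):
    """Return (status, detail).

    status: "ok"             - TLS up and EHLO answered 250 over it
            "handshake"      - connection or TLS handshake failed
            "post-handshake" - TLS completed, then the server dropped us
    """
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as s:
            s.ehlo()
            try:
                s.starttls(context=pinned_context(version))
            except (ssl.SSLError, smtplib.SMTPException, OSError) as e:
                return ("handshake", str(e))
            name, proto, bits = s.sock.cipher()
            try:
                code, _ = s.ehlo()   # the step that exposed the bug in the thread
            except (smtplib.SMTPServerDisconnected, OSError) as e:
                return ("post-handshake", "%s:%s:%d; %s" % (proto, name, bits, e))
            if code != 250:
                return ("post-handshake", "EHLO after STARTTLS returned %d" % code)
            return ("ok", "%s:%s:%d" % (proto, name, bits))
    except (OSError, smtplib.SMTPException) as e:
        return ("handshake", str(e))


def diagnose(results):
    """results: {version_name: (status, detail)}.

    Returns the openssl_options tokens that disable only the versions that
    broke, or None when nothing broke or when every version failed (the latter
    is not a protocol-version problem and disabling versions will not help).
    """
    broken = [v for v in VERSIONS if results.get(v, ("handshake", ""))[0] != "ok"]
    if not broken or len(broken) == len(VERSIONS):
        return None
    return " ".join("+" + VERSIONS[v][1] for v in broken)


def run(host, port=25):
    results = {name: probe(host, port, ver) for name, (ver, _) in VERSIONS.items()}
    for name, (status, detail) in results.items():
        print("%-8s %-14s %s" % (name, status, detail))
    tokens = diagnose(results)
    if tokens:
        print("suggest adding to openssl_options: %s" % tokens)
    else:
        print("no version-specific failure found")
    return results


if __name__ == "__main__":
    run(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 25)
```

Run it as `python3 probe.py smtp.example.org 25` against a host that misbehaves and you get one line per version; a server that closes the session only after a TLS 1.1 handshake shows up as `post-handshake` for TLSv1.1 and `ok` for TLSv1, which is exactly the pattern that `+no_tlsv1_1` works around. Whether to keep the `-all` prefix from the thread's working line is a separate decision: it strips OpenSSL's bug-compatibility workarounds rather than any protocol version.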

Re: [exim] TLS problems of late

2013-03-04 Thread Bernd Kuhls
David Woodhouse dw...@infradead.org wrote in news:1362053101.9810.31.ca...@i7.infradead.org: Do you have a reference for the specific problem, and the name of a publicly accessible Exchange server which manifests it? I'm assuming it's a Microsoft bug? Has anyone looked at making OpenSSL

Re: [exim] TLS problems of late

2013-02-28 Thread David Woodhouse
On Tue, 2013-02-26 at 22:23 -0500, Phil Pennock wrote: When you refer to MS bugs around the use of TLS1.1/TLS1.2 are you referring to MS exchange servers and Exim talking to them using TLS? MS Exchange servers and interop with OpenSSL. *sigh* There's no good solution here going

Re: [exim] TLS problems of late

2013-02-26 Thread Warren Baker
On Mon, Feb 25, 2013 at 1:00 PM, Phil Pennock exim-us...@spodhuis.org wrote: Try adding in +no_tlsv1_1 and +no_tlsv1_2 -- if this fixes it, then it looks like MS bugs around the use of TLS1.1/TLS1.2. Thanks Phil, using +no_tlsv1_1 did the job. So a setting of openssl_options = -all +no_tlsv1_1

Re: [exim] TLS problems of late

2013-02-26 Thread Phil Pennock
On 2013-02-26 at 16:53 +0200, Warren Baker wrote: On Mon, Feb 25, 2013 at 1:00 PM, Phil Pennock exim-us...@spodhuis.org wrote: Try adding in +no_tlsv1_1 and +no_tlsv1_2 -- if this fixes it, then it looks like MS bugs around the use of TLS1.1/TLS1.2. Thanks Phil, using +no_tlsv1_1 did the

Re: [exim] TLS problems of late

2013-02-26 Thread Warren Baker
On Wed, Feb 27, 2013 at 5:23 AM, Phil Pennock exim-us...@spodhuis.org wrote: MS Exchange servers and interop with OpenSSL. OK, I just wanted to clarify that, because the problem I experienced was not only communicating with MS Exchange servers. One server was running Exim 4.80 (according to the

Re: [exim] TLS problems of late

2013-02-25 Thread Warren Baker
On Sat, Feb 23, 2013 at 1:32 AM, Phil Pennock exim-us...@spodhuis.org wrote: OpenSSL started supporting the newer renegotiation system in newer branches. Also, this is the CBC mode in pre-TLS1.1 so OpenSSL is probably using the empty fragments mitigation for the IV weaknesses. As of release

Re: [exim] TLS problems of late

2013-02-25 Thread Phil Pennock
On 2013-02-25 at 10:42 +0200, Warren Baker wrote: Any other ideas? Note that +all is SSL_OP_ALL from SSL_CTX_set_options and is *not* all options, but all of a subset of options deemed safe. You reported: 10:34:24 79951 openssl option, adding from 100: 8bff (all) 10:34:24 79951 setting

[exim] TLS problems of late

2013-02-22 Thread Warren Baker
Hi All, Has anyone noticed a problem with exim-4.80.01+OpenSSL 1.0.1e (installed from FreeBSD ports) and it delivering to remote hosts using TLS? Some remote hosts do work. Debugging shows that SSL negotiation finished successfully but straight after that it is logged that the remote closed the

Re: [exim] TLS problems of late

2013-02-22 Thread Marcin Mirosław
On 22.02.2013 14:29, Warren Baker wrote: Hi All, Has anyone noticed a problem with exim-4.80.01+OpenSSL 1.0.1e (installed from FreeBSD ports) and it delivering to remote hosts using TLS? Hi! I've got a similar problem with openssl-1.0.1c. Exim couldn't deliver email using TLS to

Re: [exim] TLS problems of late

2013-02-22 Thread Alan Hicks
On Friday 22 February 2013 15:29:56 Warren Baker wrote: Hi All, Has anyone noticed a problem with exim-4.80.01+OpenSSL 1.0.1e (installed from FreeBSD ports) and it delivering to remote hosts using TLS? Some remote hosts do work. Debugging shows that SSL negotiation finished successfully

Re: [exim] TLS problems of late

2013-02-22 Thread Warren Baker
On Fri, Feb 22, 2013 at 7:27 PM, Alan Hicks ahi...@p-o.co.uk wrote: This may be a cipher issue as they are different in your two examples. Non Working 14:28:59 95534 Cipher: TLSv1:DES-CBC3-SHA:168 Working Cipher: TLSv1:RC4-MD5:128 You could try the tls_require_ciphers option as per

Re: [exim] TLS problems of late

2013-02-22 Thread Phil Pennock
On 2013-02-22 at 15:29 +0200, Warren Baker wrote: Disabling TLS fixes the problem or reverting to OpenSSL 0.9.8q (part of base in FreeBSD 8.2) fixes the problem. Anyone have suggestions on the best way to debug this to determine if it's an OpenSSL or an Exim problem? It looks like TLS