Bug#348046: exim4-daemon-heavy: TLS delivery attempts fail with:
(gnutls_handshake): A TLS packet with unexpected length was
received.
Ian Zimmerman
nobrowser at gmail.com
Wed Jul 26 01:39:55 UTC 2006
So, now I tried with gnutls-bin, also interesting (?)
itz at madbat:/etc/exim4/conf.d$ gnutls-cli-debug --port 25 -v localhost -d 3
Resolving 'localhost'...
Connecting to '127.0.0.1:25'...
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<3>| HSK[806f430]: CLIENT HELLO was send [57 bytes]
|<2>| ASSERT: gnutls_record.c:494
|<2>| ASSERT: gnutls_record.c:908
|<2>| ASSERT: gnutls_buffers.c:1087
|<2>| ASSERT: gnutls_handshake.c:949
|<2>| ASSERT: gnutls_handshake.c:2209
Checking for TLS 1.1 support... no
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<3>| HSK[806f430]: CLIENT HELLO was send [57 bytes]
|<2>| ASSERT: gnutls_record.c:494
|<2>| ASSERT: gnutls_record.c:908
|<2>| ASSERT: gnutls_buffers.c:1087
|<2>| ASSERT: gnutls_handshake.c:949
|<2>| ASSERT: gnutls_handshake.c:2209
Checking fallback from TLS 1.1 to... failed
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<3>| HSK[806f430]: CLIENT HELLO was send [57 bytes]
|<2>| ASSERT: gnutls_record.c:494
|<2>| ASSERT: gnutls_record.c:908
|<2>| ASSERT: gnutls_buffers.c:1087
|<2>| ASSERT: gnutls_handshake.c:949
|<2>| ASSERT: gnutls_handshake.c:2209
Checking for TLS 1.0 support... no
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<3>| HSK[806f430]: CLIENT HELLO was send [55 bytes]
|<2>| ASSERT: gnutls_record.c:494
|<2>| ASSERT: gnutls_record.c:908
|<2>| ASSERT: gnutls_buffers.c:1087
|<2>| ASSERT: gnutls_handshake.c:949
|<2>| ASSERT: gnutls_handshake.c:2209
Checking for SSL 3.0 support... no
Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1
itz at madbat:/etc/exim4/conf.d$
--
A true pessimist won't be discouraged by a little success.
More information about the Pkg-exim4-maintainers
mailing list