Bug#478470: ca-certificates update breaks Exim4/etch client doing TLS with Exim4/testing
Marc Haber
mh+debian-packages at zugschlus.de
Tue Apr 29 15:30:10 UTC 2008
block 478470 with 478191
thanks
On Tue, Apr 29, 2008 at 08:56:01AM +0100, Jonathan McDowell wrote:
> I started seeing the "A TLS packet with unexpected length was received."
> error yesterday, with connections from a box running Etch (exim4
> 4.63-17) and using the box running testing as an SMTP relay with auth
> over TLS. At the time I was running 4.69-2+b1 but I've since upgraded to
> 4.69-4 in case that resolved it - it didn't.
>
> Looking at /var/log/dpkg.log for packages that where upgraded on
> 27th/28th (in particular I was looking for gnutls related things) the
> only potential candidate was ca-certificates, which I upgraded from
> 20070303-0.1 to 20080411 on the 27th. I "aptitude purge ca-certificates"
> and tried flushing the queue on the stable box; mail started flowing
> again.
That is a known gnutls issue: The solution is to disable some of the
CA Certificates in dpkg-reconfigure ca-certificates to get the initial
handshake size down.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190
More information about the Pkg-exim4-maintainers
mailing list