Bug#648638: exim4: new TLS error - (gnutls_handshake): The handshake data size is too large
J G Miller
miller at yoyo.ORG
Sun Nov 13 17:38:09 UTC 2011
Package: exim4
Version: 4.77-1
Severity: normal
Three machines

  ns-11 (armv5tel) running Debian stable exim4 : 4.72-6+squeeze2 libgnutls2 : 2.8.6-1
  ocelot (i386) running Debian testing exim4 : 4.77-1 libgnutls26 : 2.12.11-1
  puma (amd64) running Debian testing exim4 : 4.77-1 libgnutls26 : 2.12.11-1
Doing esmtpa machines with x509 certificate TLS and password authorisation has been working fine
between each machine until the last exim4 upgrade.
esmtpa mail from ocelot (testing) to ns-11 (stable) and from puma (testing) to ns-11 (stable)
continues to work without problems.
BUT esmtpa mail from any machine to ocelot (testing) or puma (testing) always fails now with

on the sending machine

  TLS error on connection to {host_name} [{IP ADDRESS}]
  (gnutls_handshake):
  The handshake data size is too large (DoS?), check gnutls_handshake_set_max_packet_length().

on the receiving machine

  TLS error on connection from {host_name} [{IP_ADDRESS}]:58605 I=[{IP_ADDRESS}]:25
  (gnutls_handshake):
  A TLS packet with unexpected length was received.
Clearly there is now a bug in the newly updated Exim4 / gnutls combination in setting
up *incoming* TLS connections.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.0.0-1-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash