Bug#841723: libgnutls30: Can't send mails with STARTTLS per exim

bs.net bs.net at gmx.de
Sat Oct 22 17:45:53 UTC 2016

Package: libgnutls30
Version: 3.5.5-2

After the upgrade of libgnutls30 from 3.5.4-2 to 3.5.5-2 I can't send mails 
with exim over STARTTLS.

On the client side (Debian Jessie) I get this error message:
> (gnutls_handshake): A TLS packet with unexpected length was received.

On the mailer side (Debian Stretch) I get this error message:
> (gnutls_handshake): Error in the pull function.

No further errors were logged.

STARTTLS is configured in exim.

I'm using strong ciphers and 2048 bits DH parameters:
> tls_require_ciphers = SECURE128:+SECURE192:!VERS-SSL3.0
> tls_dhparam = /etc/custom/dhparams_2048.pem

Neither removing the parameters, nor further changes solved the problem.

Only downgrading to version 3.5.4-2 solved the problem for me.

Maybe something related to the combination exim4-daemon-heavy                   
4.87-3+b1 and libgnutls30 3.5.5-2?

More information about the Pkg-gnutls-maint mailing list