Package: exim4-daemon-heavy
Version: 4.44-2
Severity: important
Our exim4 installation is configured to advertise SMTP AUTH only after STARTTLS. The relevant part of exim4.conf.template looks like this:
log_selector = +tls_cipher +tls_peerdn
tls_advertise_hosts = *
tls_certificate = CONFDIR/ssl/server.crt
tls_privatekey = CONFDIR/ssl/server.key
The certificate is signed by a self-created and self-signed CA.
If I now try to connect/authenticate with a MUA like Thunderbird I get an error on every second connection attempt. The corresponding log entries look like this:
2005-02-27 18:26:42 TLS error on connection from dialin-212-144-131-181.arcor-ip.net [212.144.131.181] (gnutls_handshake): A TLS fatal alert has been received.
and Thunderbird displays an error message saying: server has sent an incorrect or unexpected message. Error Code: -12244. It doesn't matter if I import the CA certificate or accept the server certificate. Other MUAs behave slightly differently. E.g. Opera Mail succeeds only on the first sent message and fails on every subsequent connection attempt; kmail seems to work properly.
As a workaround I recompiled exim4 and linked it against libgnutls10 and the errors were gone.
So the question is:
* Is it a misconfiguration of exim4 (unlikely as it works with libgnutls10)?
* Is it a bug in exim4?
* Is it a bug in libgnutls11 or is libgnutls11 just stricter and more picky during the TLS handshake?
* Are the MUAs buggy?
What can I do to solve this problem? Linking against the old gnutls lib doesn't seem to be a good solution for me.
If you think this is a bug in libgnutls11 feel free to reassign the bug.
Cheers, Michael
--
E-Mail: [EMAIL PROTECTED]
WWW: http://www.teco.edu/
TecO (Telecooperation Office)
Vincenz-Priessnitz-Str.1
University of Karlsruhe
76131 Karlsruhe, Germany