tags #294952 unreproducible thanks Hi!
Sorry for taking so long to respond, I was on vacation. On Sat, Feb 12, 2005 at 05:59:46PM +0100, Michal ??iha?? wrote: > While sending message to MTA that does support TLS I get these errors in > log: > > TLS error on connection to mail.sourceforge.net [66.35.250.206] (RSA params > import): The scanning of a large integer has failed. > TLS session failure: delivering unencrypted to mail.sourceforge.net > [66.35.250.206] (not in hosts_require_tls) > > TLS error on connection to relay.muni.cz [147.251.4.35] (RSA params import): > The scanning of a large integer has failed. > TLS session failure: delivering unencrypted to relay.muni.cz [147.251.4.35] > (not in hosts_require_tls) > > Obviously when there is host for which I require TLS, sending completely > fails. > > On 2005-02-09 these mails went okay, today it causes problems, so there > might be problem in some dependant library (I have almost every day > updated unstable). My test host, running current unstable, does happily deliver via TLS. I cannot reproduce this: 2005-02-16 21:34:00 1D1Vs0-0001Ol-EY <= [EMAIL PROTECTED] U=mh P=local S=1542 [EMAIL PROTECTED] 2005-02-16 21:34:02 1D1Vs0-0001Ol-EY -> [EMAIL PROTECTED] R=smarthost T=remote_smtp_smarthost H=82018.int0.torres.int.l21.ma.zugschlus.de [192.168.130.1] X=TLS-1.0:RSA_AES_256_CBC_SHA:32 Can you try using gnutls-cli to determine whether you have a generic gnutls-issue? Just in case you are not familiar with gnutls-cli: [6/[EMAIL PROTECTED]:~$ gnutls-cli -s -p 25 torres Resolving 'torres'... Connecting to '192.168.130.1:25'... - Simple Client Mode: 220 torres.int.l21.ma.zugschlus.de ESMTP Exim 4.44 Wed, 16 Feb 2005 21:40:15 +0100 EHLO lefler.int.l21.ma.zugschlus.de 250-torres.int.l21.ma.zugschlus.de Hello lefler.int.l21.ma.zugschlus.de [192.168.130.38] 250-SIZE 20971520 250-PIPELINING 250-STARTTLS 250 HELP starttls 220 TLS go ahead <Ctrl-D here> *** Starting TLS handshake - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: # The hostname in the certificate does NOT match 'torres'. # valid since: Wed Nov 24 11:59:00 CET 2004 # expires at: Sat Apr 10 12:59:00 CEST 2032 # serial number: 00 # fingerprint: b8 c0 01 4c 2d eb 4c 13 0b 28 45 e9 65 09 34 84 # version: #3 # public key algorithm: RSA # Modulus: 1024 bits # Subject's DN: C=DE,L=Mannheim,O=Marc Haber,CN=torres.l21.ma.zugschlus.de (exim4 E-Mail System),[EMAIL PROTECTED] # Issuer's DN: C=DE,L=Mannheim,O=Marc Haber,CN=torres.l21.ma.zugschlus.de (exim4 E-Mail System),[EMAIL PROTECTED] - Peer's certificate issuer is unknown - Peer's certificate is NOT trusted - Ephemeral DH using prime of 768 bits, secret key of 759 bits, and peer's public key is 764 bits. - Version: TLS 1.0 - Key Exchange: DHE RSA - Cipher: AES 256 CBC - MAC: SHA - Compression: NULL ehlo lefler.int.l21.ma.zugschlus.de 250-torres.int.l21.ma.zugschlus.de Hello lefler.int.l21.ma.zugschlus.de [192.168.130.38] 250-SIZE 20971520 250-PIPELINING 250 HELP quit 221 torres.int.l21.ma.zugschlus.de closing connection - Peer has closed the GNUTLS connection [7/[EMAIL PROTECTED]:~$ This bug is currently holding me back from asking the release team to hint exim 4.44 into sarge. I would appreciate a swift answer. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
