Bug#348046: exim4-daemon-heavy: TLS delivery attempts fail with: (gnutls_handshake): A TLS packet with unexpected length was received.

[Ian Zimmerman]

So, now I tried with gnutls-bin, also interesting (?)

[EMAIL PROTECTED]:/etc/exim4/conf.d$ gnutls-cli-debug --port 25 -v localhost -d 
3
Resolving 'localhost'...
Connecting to '127.0.0.1:25'...
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<3>| HSK[806f430]: CLIENT HELLO was send [57 bytes]
|<2>| ASSERT: gnutls_record.c:494
|<2>| ASSERT: gnutls_record.c:908
|<2>| ASSERT: gnutls_buffers.c:1087
|<2>| ASSERT: gnutls_handshake.c:949
|<2>| ASSERT: gnutls_handshake.c:2209
Checking for TLS 1.1 support... no
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<3>| HSK[806f430]: CLIENT HELLO was send [57 bytes]
|<2>| ASSERT: gnutls_record.c:494
|<2>| ASSERT: gnutls_record.c:908
|<2>| ASSERT: gnutls_buffers.c:1087
|<2>| ASSERT: gnutls_handshake.c:949
|<2>| ASSERT: gnutls_handshake.c:2209
Checking fallback from TLS 1.1 to... failed
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<3>| HSK[806f430]: CLIENT HELLO was send [57 bytes]
|<2>| ASSERT: gnutls_record.c:494
|<2>| ASSERT: gnutls_record.c:908
|<2>| ASSERT: gnutls_buffers.c:1087
|<2>| ASSERT: gnutls_handshake.c:949
|<2>| ASSERT: gnutls_handshake.c:2209
Checking for TLS 1.0 support... no
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_3DES_EDE_CBC_SHA1
|<3>| HSK[806f430]: Removing ciphersuite: ANON_DH_ARCFOUR_MD5
|<3>| HSK[806f430]: Keeping ciphersuite: RSA_EXPORT_ARCFOUR_40_MD5
|<3>| HSK[806f430]: CLIENT HELLO was send [55 bytes]
|<2>| ASSERT: gnutls_record.c:494
|<2>| ASSERT: gnutls_record.c:908
|<2>| ASSERT: gnutls_buffers.c:1087
|<2>| ASSERT: gnutls_handshake.c:949
|<2>| ASSERT: gnutls_handshake.c:2209
Checking for SSL 3.0 support... no

Server does not support none of SSL 3.0, TLS 1.0 and TLS 1.1
[EMAIL PROTECTED]:/etc/exim4/conf.d$ 

-- 
A true pessimist won't be discouraged by a little success.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]