[Pkg-exim4-users] TLS error
Ross Boylan
RossBoylan at stanfordalumni.org
Wed Apr 30 20:33:56 UTC 2008
On Tue, 2008-04-29 at 23:05 +0200, Marc Haber wrote:
> On Tue, Apr 29, 2008 at 01:35:08PM -0700, Ross Boylan wrote:
> > On Tue, 2008-04-29 at 22:29 +0200, Marc Haber wrote:
> > > On Tue, Apr 29, 2008 at 10:36:24AM -0700, Ross Boylan wrote:
> > > > I've just noticed that for at least the last 4 days my logs show errors
> > > > like
> > > > 2008-04-24 09:48:46 TLS error on connection from upstrm185.psg-ucsf.org
> > > > (iron.psg.net) [38.99.193.74] (gnutls_handshake): A TLS packet with
> > > > unexpected length was received.
> > >
> > > ca-certificates installed
> > Yes
and it was updated on 2008-04-24. The TLS errors seem to begin
coincident with the ca-certificates upgrade.
> > > and all CAs set to trusted?
> > I don't know where or how that's set.
>
> dpkg-reconfigure ca-certificates.
>
> If too many ca's are selected, the handshake gets too large and is
> aborted.
>
I did have all certificates set to trusted; I made perhaps 1/3
untrusted, and that seems to have solved the problem. Thanks.
It looks as if the earlier TLS failures did not block message receipt,
but they did mean the messages were sent unencrypted.
Does any of this indicate any defaults that might be good to change?
Ross
More information about the Pkg-exim4-users
mailing list