A mysterious email problem - solved
Two years ago I heard from a friend that they wanted to send an email to my wife, but the email never went through. Instead the friend received an automated message from their email provider (Gmail) informing them that the email delivery had permanently failed. The automated message contained this error information:
TLS Negotiation failed: FAILED_PRECONDITION: starttls error (71):
6945907163592:error:10000417:SSL routines:
OPENSSL_internal:SSLV3_ALERT_ILLEGAL_PARAMETER:
third_party/openssl/boringssl/src/ssl/tls_record.cc:594:SSL alert number 47
I had never seen something like that before, also none of the contacts that are sending us private or business messages on a regular basis had ever reported any problems with sending us emails. I did some tests, such as checking the certificates being used by the Exim MTA on my dedicated Linux server (they were in order), but also sending myself an email from my own Gmail account (the email arrived). So nothing seemed amiss.
I then tried to find out more about the root cause by searching the net for keywords from the error message above, but was ultimately unsuccessful. As a side effect I found out the following about BoringSSL from their website:
BoringSSL is a fork of OpenSSL that is designed to meet Google’s needs.
So at this point it looked like this was a) a Gmail-specific issue that b) mysteriously affected only our friend (remember: I had been able to send myself emails from my own Gmail account). Lacking the time for further investigation, I dropped the case for the moment, after which it lay dormant for the next two years - until I was jolted by its reoccurrence a few days ago!