[Exim] ciphers for SMTP over TLS in exim?

Top Page
Delete this message
Reply to this message
Author: Richard Welty
Date:  
To: exim-users
Subject: [Exim] ciphers for SMTP over TLS in exim?
how does exim handle negotiation of a cipher for smtp over tls?

i'm seeing that two exim boxes, both mine, both with
tls_verify_ciphers defaulting to unset, are negotiating DES/SHA1 as
the cipher suite. is there a reason why they're not going to 3DES?

most all of the smtp over tls i'm seeing is going to RC4 (boo, hiss)
or DES, with an even mixture of SHA1 or MD5 for the hash function.
can i coerce it into going to 3DES where available? a quick visit to
the manual wasn't very revealing.

and yes, i know this is mildly silly as SMTP over TLS can't provide
authenticated, end-to-end security no matter what you do.

richard