Re: [Exim] ciphers for SMTP over TLS in exim?

Author: Philip Hazel
Date:  
To: Richard Welty
CC: exim-users
Subject: Re: [Exim] ciphers for SMTP over TLS in exim?
On Fri, 5 Oct 2001, Richard Welty wrote:

> How does Exim handle negotiation of a cipher for SMTP over TLS?


It doesn't. It lets the OpenSSL library handle that. There is a call it
can use that tells OpenSSL a list of permitted ciphers. Exim 3 uses this
if you set the "verify_ciphers" option; the TLS setup fails if an
acceptable cipher can't be found. Exim 4 does not use this option; it
allows you to test the cipher later (gives more flexibility).

> I'm seeing that two Exim boxes, both mine, both with
> tls_verify_ciphers defaulting to unset, are negotiating DES/SHA1 as
> the cipher suite. Is there a reason why they're not going to 3DES?


If tls_verify_ciphers is unset, it's all up to the OpenSSL library.
I'm afraid I don't understand the internals.

Philip

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
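
The following is an added example, not part of the original message and not Exim code. It uses Python's `ssl` module, whose `SSLContext.set_ciphers()` hands a cipher-list string to the local OpenSSL library, to show which suites a permitted-cipher list of the kind discussed above actually expands to, and to flag weak ones. The function names and the sample cipher strings are assumptions made for illustration.

```python
import ssl

# Substrings marking suites a current policy would normally reject.
WEAK_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5")


def permitted_suites(cipher_string):
    """Return the TLS <= 1.2 suites OpenSSL permits for cipher_string,
    in OpenSSL's preference order, or [] if the string selects nothing."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL found no usable suite for this list.
        return []
    # TLS 1.3 suites are configured separately in OpenSSL and are still
    # reported by get_ciphers(), so leave them out of the result.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def weak_suites(cipher_string, min_bits=128):
    """Return (name, reason) for each permitted suite that looks weak."""
    findings = []
    for suite in permitted_suites(cipher_string):
        name, bits = suite["name"], suite["strength_bits"]
        if bits < min_bits:
            findings.append((name, "%d-bit strength" % bits))
        elif any(marker in name for marker in WEAK_MARKERS):
            findings.append((name, "weak algorithm in suite name"))
    return findings


if __name__ == "__main__":
    # Constructed sample lists, not taken from any Exim configuration.
    for spec in ("ECDHE+AESGCM", "DEFAULT", "NO-SUCH-CIPHER"):
        suites = permitted_suites(spec)
        weak = weak_suites(spec)
        print("%-16s %d suite(s), %d weak" % (spec, len(suites), len(weak)))
        for s in suites[:3]:
            print("    %-32s %s %d bits"
                  % (s["name"], s["protocol"], s["strength_bits"]))
```

The result depends on the OpenSSL build the interpreter is linked against, so run it on the host whose mail server configuration is being checked.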