Re: [exim] exim 4.43 and GnuTLS: How to control cipher negot…

Author: Philip Hazel
Date:  
To: Marc Haber
CC: exim-users
Subject: Re: [exim] exim 4.43 and GnuTLS: How to control cipher negotiation?
On Mon, 29 Nov 2004, Marc Haber wrote:

> |[1/499]mh@q:~/tmp$ exim -bP tls_require_ciphers
> |tls_require_ciphers = AES : 3DES : ARCFOUR
> |[2/500]mh@q:~/tmp$ echo "From: <mh@???>\n\ntestmail" | /usr/sbin/exim4 mh+testmail@???
> |Exim version 4.43 uid=0 gid=0 pid=5132 D=fbb95cfd
> <snip>


<snip>

> |cipher: TLS-1.0:RSA_ARCFOUR_SHA:16


<snip>

> The receiving host is running the same exim 4.43 binary with a very
> similar configuration, but is missing the tls_require_cipher option.
> Why is ARCFOUR still the chosen cipher?


That I do not know, because I do not know how the client and server
negotiate these things. I am a complete novice at this TLS stuff. One
might suppose that the server's preferences take precedence, but I'm
guessing here. Have you tried

tls_require_ciphers = AES : 3DES

? That is, tried preventing it from using ARCFOUR at all?

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book