On Mon, 29 Nov 2004, Marc Haber wrote:
> |[1/499]mh@q:~/tmp$ exim -bP tls_require_ciphers
> |tls_require_ciphers = AES : 3DES : ARCFOUR
> |[2/500]mh@q:~/tmp$ echo "From: <mh@???>\n\ntestmail" | /usr/sbin/exim4 mh+testmail@???
> |Exim version 4.43 uid=0 gid=0 pid=5132 D=fbb95cfd
> <snip>
<snip>
> |cipher: TLS-1.0:RSA_ARCFOUR_SHA:16
<snip>
> The receiving host is running the same exim 4.43 binary with a very
> similar configuration, but is missing the tls_require_cipher option.
> Why is ARCFOUR still the chosen cipher?
That I do not know, because I do not know how the client and server
negotiate these things. I am a complete novice at this TLS stuff. One
might suppose that the server's preferences take precedence, but I'm
guessing here. Have you tried
tls_require_ciphers = AES : 3DES
? That is, tried preventing it from using ARCFOUR at all?
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
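
Added example, not part of the original message and not Exim or GnuTLS code: in a TLS handshake the client offers a list of cipher suites and the server picks one from it, and whose ordering decides depends on the server implementation and its configuration. The simplified model below shows why a cipher that is merely listed last can still be chosen, while one that is removed from the list cannot. The names `negotiate`, `parse_cipher_list` and `SERVER_DEFAULT`, the server's ordering, and the treatment of `tls_require_ciphers` as an ordered preference list are assumptions made for illustration.

```python
# Simplified model of TLS cipher selection (added illustration).
# All lists below are constructed sample values, not Exim or GnuTLS defaults.

def parse_cipher_list(value):
    """Split an Exim-style colon-separated list into ordered names."""
    return [item.strip() for item in value.split(":") if item.strip()]


def negotiate(client_offer, server_allowed, honor="server"):
    """Return the cipher both sides support, or None (handshake failure).

    client_offer   -- ciphers the client sends, most preferred first
    server_allowed -- ciphers the server accepts, most preferred first
    honor          -- whose ordering decides: "server" or "client"
    """
    if honor not in ("server", "client"):
        raise ValueError("honor must be 'server' or 'client'")
    if honor == "server":
        primary, secondary = server_allowed, client_offer
    else:
        primary, secondary = client_offer, server_allowed
    for cipher in primary:
        if cipher in secondary:
            return cipher
    return None


# Hypothetical unrestricted server that happens to rank ARCFOUR first.
SERVER_DEFAULT = ["ARCFOUR", "AES", "3DES"]


def demo():
    """Run the scenarios from the thread against the model."""
    offer = parse_cipher_list("AES : 3DES : ARCFOUR")
    strict = parse_cipher_list("AES : 3DES")
    return {
        # ARCFOUR listed last by the client, server ordering decides.
        "listed_last_server_order": negotiate(offer, SERVER_DEFAULT, "server"),
        # Same offer, but the client's ordering decides.
        "listed_last_client_order": negotiate(offer, SERVER_DEFAULT, "client"),
        # ARCFOUR removed from the offer: it cannot be selected at all.
        "removed_server_order": negotiate(strict, SERVER_DEFAULT, "server"),
        # Peer that only accepts ARCFOUR: no common cipher, handshake fails.
        "no_overlap": negotiate(strict, ["ARCFOUR"], "server"),
    }


if __name__ == "__main__":
    for name, chosen in demo().items():
        print(f"{name}: {chosen}")
```

The last case is the operational cost of the stricter list: a peer that supports nothing else fails the handshake instead of falling back to ARCFOUR.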