Author: John W. Baxter Date: To: exim-users Subject: Re: [exim] exim 4.43 and GnuTLS: How to control cipher
negotiation?
On 12/1/2004 22:02, "Marc Haber" <mh+exim-users@???> wrote:
> On Wed, 1 Dec 2004 09:51:54 +0000 (GMT), Philip Hazel
> <ph10@???> wrote:
>> On Tue, 30 Nov 2004, Marc Haber wrote:
>>> When using gnutls-cli, a better cipher is negotiated. Who contributed
>>> the GnuTLS Interface?
>>
>> Nikos Mavroyanopoulos provided GnuTLS proof of concept code;
>
> Unfortunately, his e-mail address is not in the exim-users archive and
> not in the exim distribution.
>
>> Yes, I realize that; I didn't mean you to use that for real, but just to
>> test whether tls_require_ciphers was working at all.
>
> Thanks for that idea. Even with tls_require_ciphers = AES : 3DES,
> messages go out with X=TLS-1.0:RSA_ARCFOUR_SHA:16.
>
> So either I have done something wrong, or there is something wrong
> with my exim binary.
There are both general section tls_require_ciphers (for incoming) and smtp
transport tls_require_ciphers (for outgoing) options.
Just to keep me sane*, you did use the one on the transport (and the right
transport, at that), correct?
Cheers...John
*may be impossible: make that TRY to keep me sane:
"You're driving me crazy."
"That's not a drive, it's a short putt."
