Author: Ian FREISLICH Date: To: exim-users Subject: Re: [exim] 'X=TLSv1: ...' in exim log file
Sander Smeenk wrote: > Quoting Robert Cates (robert@???):
>
> > What would I need to do to increase my Exim TLS/SSL connections to 256-bit?
>
> I've wondered about this too. I think it has to do with the type of cert
> you create for Exim to use. Not sure though. Could also be a compiletime
> setting maybe...
>
> It's still on my 'Need-to-check-that-out-soon'-list.
Maybe you should have a look at:
tls_require_ciphers
Use: main
Type: string, expanded
Default: unset
This option controls which ciphers can be used for incoming TLS
connections. The smtp transport has an option of the same name for
controlling outgoing connections. This option is expanded for each
connection, so can be varied for different clients if required. The
value of this option must be a list of permitted cipher suites. The
OpenSSL and GnuTLS libraries handle cipher control in somewhat
different ways. If GnuTLS is being used, the client controls the
preference order of the available ciphers. Details are given in
sections 38.3 and 38.4