On Tue, 29 Nov 2005, Daniel Tiefnig wrote:
> No, that doesn't help, allthough I can fix it by specifying the full
> cipher name in confs/2125:
>
> {DHE-RSA-AES256-SHA}{!DHE-RSA-AES256-SHA:DES-CBC3-SHA}}
Well, that works for me too, so maybe we should go with it. I don't
think it's an underscore vs hyphen thing, because it works for me with
both. (The code in Exim knows to turn underscores into hyphens for
OpenSSL and hyphens into underscores for GnuTLS. The underscores are
deliberate in this test, to check that.)
> Sadfully my knowledge about SSL cipher preference lists is very limited,
> so I don't know whether this will buy us anything.
I don't know much about this either, but the partial cipher suite names
should be legal, according to the OpenSSL documentation that I quote in
the reference manual (section 38.4 in the 4.60 edition). I wonder if
something has changed in OpenSSL? Can you easily check the documentation
for your version to see if it says anything about cipher suite names?
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
