[exim-dev] 4.80 RC2 / GnuTLS 2.12.19: tls_require_ciphers (s…

Author: Andreas Metzler
Date:  
To: exim-dev
Subject: [exim-dev] 4.80 RC2 / GnuTLS 2.12.19: tls_require_ciphers (server side) ignored
Hello,

tls_require_ciphers seems to be ignored on the server side:

argenau:/tmp/EXIM4# exim4 -bP tls_require_ciphers
tls_require_ciphers = EXPORT:-VERS-TLS1.2

argenau:/tmp/EXIM4# exim4 -bd -d+all-memory -v
Library version: GnuTLS: Compile: 2.12.19
                         Runtime: 2.12.19
[...]
13:41:31 20414 Listening...
[...]



Ok, now let's connect:
ametzler@argenau:/tmp/EXIM4$ openssl s_client  -connect localhost:465
[...]
SSL-Session:
    Protocol  : TLSv1.2
[...]


And the debug log shows this:
13:42:57 20414 Connection request from 127.0.0.1 port 48534
13:42:57 20414 interface address=127.0.0.1 port=465
[...]
13:42:57 20416 initialising GnuTLS as a server
13:42:57 20416 GnuTLS global init required.
13:42:57 20416 initialising GnuTLS server session
13:42:57 20416 Expanding various TLS configuration options for session credentials.
13:42:57 20416 certificate file = /etc/exim4/exim.crt
13:42:57 20416 key file = /etc/exim4/exim.key
13:42:57 20416 TLS: cert/key registered
[...]
13:42:57 20416 Initialising GnuTLS server params.
13:42:57 20416 GnuTLS tells us that for D-H PK, NORMAL is 2432 bits.
13:42:57 20416 read D-H parameters from file "/var/spool/exim4/gnutls-params-2432"
13:42:57 20416 initialized server D-H parameters
13:42:57 20416 GnuTLS using default session cipher/priority "NORMAL"

cu andreas

--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
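
Added example (not part of the original message and not Exim project code): a small check that compares the `-bP` value with the priority the debug log says was applied, and flags server sessions that fell back to the default although tls_require_ciphers is set. The function names are hypothetical; the matched log strings and the sample input are the ones quoted in the post, and the option is assumed to be a literal string rather than one that expands to empty.

```python
import re

# Line layout taken from the debug log quoted in the post: "HH:MM:SS PID message".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\d+)\s+(.*)$")
SERVER_INIT = "initialising GnuTLS server session"
DEFAULT_RE = re.compile(r'GnuTLS using default session cipher/priority "([^"]*)"')

# Sample input copied from the post (not constructed).
BP_OUTPUT = "tls_require_ciphers = EXPORT:-VERS-TLS1.2\n"
DEBUG_LOG = """\
13:42:57 20414 Connection request from 127.0.0.1 port 48534
13:42:57 20416 initialising GnuTLS as a server
13:42:57 20416 initialising GnuTLS server session
13:42:57 20416 TLS: cert/key registered
13:42:57 20416 GnuTLS using default session cipher/priority "NORMAL"
"""


def parse_bp(output):
    """Return the tls_require_ciphers value from -bP output, or None if unset."""
    for line in output.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() == "tls_require_ciphers":
            return value.strip() or None
    return None


def find_ignored_priority(configured, debug_log):
    """List (time, pid, applied) for server sessions that used the default
    priority even though a tls_require_ciphers value is configured."""
    findings = []
    server_pids = set()  # PIDs seen initialising a GnuTLS *server* session
    for raw in debug_log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # "[...]" elisions and blank lines
        ts, pid, msg = m.groups()
        if SERVER_INIT in msg:
            server_pids.add(pid)
            continue
        d = DEFAULT_RE.search(msg)
        if d and configured and pid in server_pids:
            findings.append((ts, pid, d.group(1)))
    return findings


if __name__ == "__main__":
    configured = parse_bp(BP_OUTPUT)
    for ts, pid, applied in find_ignored_priority(configured, DEBUG_LOG):
        print(f"{ts} pid {pid}: configured {configured!r}, applied default {applied!r}")
```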