Hello,
tls_require_ciphers seems to be ignored on the server side:
argenau:/tmp/EXIM4# exim4 -bP tls_require_ciphers
tls_require_ciphers = EXPORT:-VERS-TLS1.2
argenau:/tmp/EXIM4# exim4 -bd -d+all-memory -v
Library version: GnuTLS: Compile: 2.12.19
Runtime: 2.12.19
[...]
13:41:31 20414 Listening...
[...]
Ok, now let's connect:
ametzler@argenau:/tmp/EXIM4$ openssl s_client -connect localhost:465
[...]
SSL-Session:
Protocol : TLSv1.2
[...]
And the debug log shows this:
13:42:57 20414 Connection request from 127.0.0.1 port 48534
13:42:57 20414 interface address=127.0.0.1 port=465
[...]
13:42:57 20416 initialising GnuTLS as a server
13:42:57 20416 GnuTLS global init required.
13:42:57 20416 initialising GnuTLS server session
13:42:57 20416 Expanding various TLS configuration options for session credentials.
13:42:57 20416 certificate file = /etc/exim4/exim.crt
13:42:57 20416 key file = /etc/exim4/exim.key
13:42:57 20416 TLS: cert/key registered
[...]
13:42:57 20416 Initialising GnuTLS server params.
13:42:57 20416 GnuTLS tells us that for D-H PK, NORMAL is 2432 bits.
13:42:57 20416 read D-H parameters from file "/var/spool/exim4/gnutls-params-2432"
13:42:57 20416 initialized server D-H parameters
13:42:57 20416 GnuTLS using default session cipher/priority "NORMAL"
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
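
Added example, not part of the original message and not Exim's own code: a small Python check that cross-references the three observations in the report (the -bP value, the debug line about the default priority, and the protocol openssl s_client negotiated). The sample strings are copied from the report; the function names and the mapping of GnuTLS version tokens to OpenSSL protocol names are assumptions of this example.

```python
import re

# Constructed sample input: values and lines copied from the report above.
BP_OUTPUT = "tls_require_ciphers = EXPORT:-VERS-TLS1.2"
S_CLIENT = "SSL-Session:\nProtocol : TLSv1.2\n"
DEBUG_LOG = '''13:42:57 20414 Connection request from 127.0.0.1 port 48534
13:42:57 20416 initialising GnuTLS server session
13:42:57 20416 GnuTLS using default session cipher/priority "NORMAL"
'''

# Assumed mapping: GnuTLS priority version tokens -> names printed by openssl s_client.
VERSION_NAMES = {"VERS-SSL3.0": "SSLv3", "VERS-TLS1.0": "TLSv1",
                 "VERS-TLS1.1": "TLSv1.1", "VERS-TLS1.2": "TLSv1.2"}
DEFAULT_RE = re.compile(
    r'^(\S+)\s+(\d+)\s+GnuTLS using default session cipher/priority "([^"]*)"')

def configured_priority(bp_output):
    """Value printed by `exim4 -bP tls_require_ciphers`, or None if it is empty."""
    _, _, value = bp_output.partition("=")
    return value.strip() or None

def excluded_protocols(priority):
    """Protocol versions the priority string removes with a leading '-'."""
    return {VERSION_NAMES[t[1:]] for t in priority.split(":")
            if t.startswith("-") and t[1:] in VERSION_NAMES}

def sessions_on_default(debug_log):
    """(time, pid, priority) for each session the log says used the default."""
    return [m.groups() for m in map(DEFAULT_RE.match, debug_log.splitlines()) if m]

def negotiated_protocol(s_client_output):
    """Protocol from the SSL-Session block of `openssl s_client`, or None."""
    m = re.search(r"^\s*Protocol\s*:\s*(\S+)", s_client_output, re.MULTILINE)
    return m.group(1) if m else None

def audit(bp_output, debug_log, s_client_output):
    """Findings that show the configured priority string was not applied."""
    priority = configured_priority(bp_output)
    if priority is None:
        return []  # nothing configured, so the default is expected
    findings = [f'{when} pid {pid}: "{priority}" configured, default "{used}" used'
                for when, pid, used in sessions_on_default(debug_log)]
    proto = negotiated_protocol(s_client_output)
    if proto in excluded_protocols(priority):
        findings.append(f"negotiated {proto} although the configuration excludes it")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(BP_OUTPUT, DEBUG_LOG, S_CLIENT)))
```

On the data from the report it yields two findings: the session in pid 20416 ran with the default priority, and TLSv1.2 was negotiated despite -VERS-TLS1.2.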