[exim] Force TLSv1.2 on EXIM server (4.80.1)

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M\M 
MMViktor Dukhovni at ->
Delete this message
Reply to this message
Author: 3YSTech Services
Date:  
To: Exim-users
Subject: [exim] Force TLSv1.2 on EXIM server (4.80.1)
Hello ,

I am trying to force TLS v1.2 on EXIM server. All Linux clients and Exim
servers have openssl-1.0.1e-42 rpm. I keep getting TLSv1 on logs.
"X=TLSv1:AES128-SHA:128"

** I tried adding tls_require_ciphers (below) on server but won't be able
to send email from clients .

openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP

>From Linux client: SSL/TLS handshake failed: Cannot communicate securely
with peer: no common encryption algorithm(s).

>From EXIM server : TLS error on connection from Server.domain.com [IP
Address] (SSL_accept): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
shared cipher


** I tried to remove SSLv3 from ciphers and keep it in openssl_options and
I am back to TLSv1

openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

I am not sure what I need to do to get it to use TLSv1.2

Thanks
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Can I build both GnuTLS and OpenSSL into exim?Re: [exim] Force TLSv1.2 on EXIM server (4.80.1)->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)