[exim] Force TLSv1.2 on EXIM server (4.80.1)

Page principale
Ce message fait partie du fil suivant :
M-\Arborescence complète du fil triée par date
M\M 
MMViktor Dukhovni à ->
Supprimer ce message
Répondre à ce message
Auteur: 3YSTech Services
Date:  
À: Exim-users
Sujet: [exim] Force TLSv1.2 on EXIM server (4.80.1)
Hello ,

I am trying to force TLS v1.2 on EXIM server. All Linux clients and Exim
servers have openssl-1.0.1e-42 rpm. I keep getting TLSv1 on logs.
"X=TLSv1:AES128-SHA:128"

** I tried adding tls_require_ciphers (below) on server but won't be able
to send email from clients .

openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP

>From Linux client: SSL/TLS handshake failed: Cannot communicate securely
with peer: no common encryption algorithm(s).

>From EXIM server : TLS error on connection from Server.domain.com [IP
Address] (SSL_accept): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
shared cipher


** I tried to remove SSLv3 from ciphers and keep it in openssl_options and
I am back to TLSv1

openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

I am not sure what I need to do to get it to use TLSv1.2

Thanks
Ce message a été envoyé sur les listes de diffusion suivantes :
Exim-users
Informations sur la liste de diffusion | Messages voisins		<-Re: [exim] Can I build both GnuTLS and OpenSSL into exim?Re: [exim] Force TLSv1.2 on EXIM server (4.80.1)->
Tahini and Hummus and Cumin Development Archives administré par cumin AdminsLurker (version 2.3)