[exim] Force TLSv1.2 on EXIM server (4.80.1)

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: 3YSTech Services
Data:  
Para: Exim-users
Asunto: [exim] Force TLSv1.2 on EXIM server (4.80.1)
Hello ,

I am trying to force TLS v1.2 on EXIM server. All Linux clients and Exim
servers have openssl-1.0.1e-42 rpm. I keep getting TLSv1 on logs.
"X=TLSv1:AES128-SHA:128"

** I tried adding tls_require_ciphers (below) on server but won't be able
to send email from clients .

openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP

>From Linux client: SSL/TLS handshake failed: Cannot communicate securely

with peer: no common encryption algorithm(s).

>From EXIM server : TLS error on connection from Server.domain.com [IP

Address] (SSL_accept): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
shared cipher


** I tried to remove SSLv3 from ciphers and keep it in openssl_options and
I am back to TLSv1

openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

I am not sure what I need to do to get it to use TLSv1.2

Thanks