Autor: 3YSTech Services Data: Para: Exim-users Asunto: [exim] Force TLSv1.2 on EXIM server (4.80.1)
Hello ,
I am trying to force TLS v1.2 on EXIM server. All Linux clients and Exim
servers have openssl-1.0.1e-42 rpm. I keep getting TLSv1 on logs.
"X=TLSv1:AES128-SHA:128"
** I tried adding tls_require_ciphers (below) on server but won't be able
to send email from clients .
openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP
>From Linux client: SSL/TLS handshake failed: Cannot communicate securely with peer: no common encryption algorithm(s).
>From EXIM server : TLS error on connection from Server.domain.com [IP Address] (SSL_accept): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
shared cipher
** I tried to remove SSLv3 from ciphers and keep it in openssl_options and
I am back to TLSv1