[exim] Enabling ECDH

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Renaud Allard
Date:  
À: exim-users
Sujet: [exim] Enabling ECDH
Hello,

I am trying to enable ECDH (in server mode). Is there anything I forgot?

I am running exim 4.86.2 under OpenBSD 5.8 with LibreSSL 2.2.2
In my config file, I have:
tls_eccurve =   auto   (I tried with other primes too)
tls_require_ciphers =      !aNULL:CHACHA20:AES256:AES128:@STRENGTH
openssl_options = +no_compression +cipher_server_preference 
+single_dh_use +single_ecdh_use +no_session_resumption_on_renegotiation


I am trying to connect using:
openssl s_client -connect localhost:465 -cipher 'ECDH'
And that fails with
2016-03-07 09:47:32 [1347] TLS error on connection from localhost
[127.0.0.1]:4283 I=[127.0.0.1]:465 (SSL_accept): error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Thank you,
Best Regards