Re: [exim] Exim 4.88 RC4 uploaded

Author: Torsten Tributh
Date:  
To: exim-users
Subject: Re: [exim] Exim 4.88 RC4 uploaded


On 11/19/2016 06:07 PM, Jeremy Harris wrote:
> The main-config option tls_certificates specifies
> "a file which contains the server’s certificates".
>
> Plural.
>
> What happens when you try it?

The first cert in the new-double chain will be used, and only the
ECDSA ciphers which match the first cert are visible.

To see the available ciphers up to OpenSSL 1.0.2 I use:
https://github.com/mozilla/cipherscan


I actually used this sample-machine:

cipherscan -starttls smtp torf.tributh.net:25
....
Target: torf.tributh.net:25

prio  ciphersuite                    protocols              pfs                 curves
1     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits  server
2     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits  server
3     ECDHE-ECDSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  server


Certificate: trusted, 384 bits, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
NPN protocols: None
OCSP stapling: supported
Cipher ordering: server
Curves ordering: none - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes


--
Torsten
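
Added example, not part of the original message or of Exim/cipherscan: a small check that reads a cipherscan text report and lists which certificate key types the offered suites imply, so a dual-certificate setup that only serves one chain is flagged. The function names are hypothetical, the suite-name classification assumes OpenSSL (<= 1.0.2) naming, and the second sample is constructed.

```python
import re

# Row of cipherscan's table: "<prio>  <ciphersuite>  <protocols> ..."
ROW = re.compile(r"^\s*(\d+)\s+([A-Z0-9][A-Z0-9-]+)\s+(\S+)")

def auth_type(suite):
    """Authentication type implied by an OpenSSL (<= 1.0.2) suite name."""
    parts = suite.split("-")
    if parts[0] in ("ADH", "AECDH"):
        return "anon"
    # Simplification: any suite carrying a PSK token is reported as PSK.
    for token in ("ECDSA", "DSS", "PSK"):
        if token in parts:
            return token
    # Explicit RSA token, or no auth token at all (e.g. AES256-SHA).
    return "RSA"

def served_auth_types(report):
    """Map auth type -> list of suites seen in a cipherscan text report."""
    found = {}
    for line in report.splitlines():
        m = ROW.match(line)
        if m:
            found.setdefault(auth_type(m.group(2)), []).append(m.group(2))
    return found

def missing_cert_types(report, expected=("ECDSA", "RSA")):
    """Expected certificate types for which no suite was offered."""
    seen = served_auth_types(report)
    return [t for t in expected if t not in seen]

# Rows as posted in the message above.
POSTED = """\
prio  ciphersuite                    protocols              pfs                 curves
1     ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits  server
2     ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits  server
3     ECDHE-ECDSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  server
"""

# Constructed sample: rows a server presenting both certificates could show.
CONSTRUCTED_DUAL = POSTED + """\
4     ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2                ECDH,P-256,256bits  server
5     AES256-SHA                     TLSv1,TLSv1.1,TLSv1.2  None                server
"""

if __name__ == "__main__":
    print("posted scan, missing:", missing_cert_types(POSTED))
    print("constructed dual scan, missing:", missing_cert_types(CONSTRUCTED_DUAL))
```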