Re: [exim] [exim-dev] Exim 4.88 RC5 uploaded

Author: Torsten Tributh
Date:
To: exim-users
Subject: Re: [exim] [exim-dev] Exim 4.88 RC5 uploaded
Sorry, pasted a bit too much.

After

tls_eccurve = secp384r1

I copied the former result also.
There should be only the working part.
Torsten

On 11/21/2016 05:21 PM, Torsten Tributh wrote:
>
> On 11/21/2016 05:09 PM, Jeremy Harris wrote:
>> On 21/11/16 15:57, Torsten Tributh wrote:
>>> If this variable:
>>>
>>> tls_eccurve =
>>> is not set in the config, TLS fails.
>> How are you testing and what do you observe?
> Simple test:
> tls_eccurve = auto
> /etc/init.d/exim4 restart
>
>
>  echo quit|openssl s_client -connect torf.tributh.net:465
> CONNECTED(00000003)
> write:errno=104
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 176 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : 0000
>     Session-ID:
>     Session-ID-ctx:
>     Master-Key:
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1479745082
>     Timeout   : 7200 (sec)
>     Verify return code: 0 (ok)
>     Extended master secret: no

> tls_eccurve = secp384r1
> /etc/init.d/exim4 restart
>
> echo quit|openssl s_client -connect torf.tributh.net:465
> CONNECTED(00000003)
> write:errno=104
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 176 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : 0000
>     Session-ID:
>     Session-ID-ctx:
>     Master-Key:
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1479745082
>     Timeout   : 7200 (sec)
>     Verify return code: 0 (ok)
>     Extended master secret: no
> ---
> tributh@hpux:~$ echo quit|openssl s_client -connect torf.tributh.net:465
> CONNECTED(00000003)
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> depth=0 CN = torf.tributh.net
> verify return:1
> ---
> Certificate chain
>  0 s:/CN=torf.tributh.net
>    i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
>  1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
>    i:/O=Digital Signature Trust Co./CN=DST Root CA X3
> ---
> Server certificate
> subject=/CN=torf.tributh.net
> issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
> ---
> No client certificate CA names sent
> Peer signing digest: SHA512
> Server Temp Key: ECDH, P-384, 384 bits
> ---
> SSL handshake has read 2672 bytes and written 326 bytes
> Verification: OK
> ---
> New, TLSv1.2, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
> Server public key is 384 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : ECDHE-ECDSA-CHACHA20-POLY1305
>     Session-ID:
> A5B8E1AC38345A7A317C83987778171658E9899CEA336B543A8CC0FB7A88CACE
>     Session-ID-ctx:
>     Master-Key:
> A1D619FC11DE5E4F8D6A4A1096827A8D7A94E20A6BFC765E1AE5D9C921311844E34F8517C5DF28EF834A0D9379A9C83A
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1479745196
>     Timeout   : 7200 (sec)
>     Verify return code: 0 (ok)
>     Extended master secret: yes
> ---
> 220 torf.tributh.net
> DONE


--
Torsten
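
Added example, not part of the original message or of Exim: a small shell filter that reduces `openssl s_client` output to one line, so the two outcomes quoted above (an aborted handshake with 0 bytes read, and a completed one with a P-384 temporary key) can be told apart after each `tls_eccurve` change. The names `classify_handshake`, `sample_failed`, `sample_ok` and the `HOST` placeholder are assumptions; the sample inputs are constructed from the output in the thread.

```shell
# Added example: classify `openssl s_client` output like that quoted in the thread.
# Live use (HOST is a placeholder):
#   echo quit | openssl s_client -connect HOST:465 2>&1 | classify_handshake
classify_handshake() {
    awk '
        /^SSL handshake has read/ { read_bytes = $5 }
        # "New, TLSv1.2, Cipher is X" or "New, (NONE), Cipher is (NONE)"
        /^New, /            { proto = $2; sub(/,$/, "", proto); cipher = $NF }
        # "Server Temp Key: ECDH, P-384, 384 bits" (kept whole, format varies by key type)
        /^Server Temp Key:/ { key = $0; sub(/^Server Temp Key: */, "", key) }
        /errno=/            { err = $0; sub(/^.*errno=/, "errno=", err) }
        END {
            if (read_bytes == "") { print "UNKNOWN no-handshake-summary"; exit }
            if (read_bytes + 0 == 0 || cipher == "(NONE)") {
                printf "FAIL handshake-aborted read=%d %s\n", read_bytes, (err == "" ? "errno=none" : err)
                exit
            }
            printf "OK proto=%s cipher=%s temp_key=%s\n", proto, cipher, (key == "" ? "none" : key)
        }'
}

# Constructed samples, trimmed from the two outcomes in the thread.
sample_failed() {
    cat <<'EOF'
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 176 bytes
---
New, (NONE), Cipher is (NONE)
EOF
}

sample_ok() {
    cat <<'EOF'
CONNECTED(00000003)
---
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 2672 bytes and written 326 bytes
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
EOF
}

sample_failed | classify_handshake
sample_ok | classify_handshake
```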