[exim] GnuTLS New Cert vs old(?) Libs

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: Exim-users
Subject: [exim] GnuTLS New Cert vs old(?) Libs
Hello,

some SSL experts around? I got a "legacy" Exim (4.80), linked with GNUTLS
libgnutls.so.26 => /usr/lib/i386-linux-gnu/libgnutls.so.26, and installed new
certificates. Now we got connection problems.

A `nmap --script ssl-enum-ciphers -p T25 ...` shows:

    25/tcp open  smtp
    | ssl-enum-ciphers: 
    |   TLSv1.1: 
    |     ciphers: 
    |       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
    |       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - strong
    |     compressors: 
    | 
    |_  least strength: strong


I would have expected much more. Apache with the same cert has more.

Exim config doesn't mention any tls settings beside key and cert. Any
idea, what parameter I should check (Key: length, type? Signature
type?)

Connection problems: (gnutls_handshake): Could not negotiate a supported cipher suite.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -