Re: [exim] Please check for SSL transport errors

Góra strony
Delete this message
Reply to this message
Autor: Viktor Dukhovni
Data:  
Dla: exim users
Temat: Re: [exim] Please check for SSL transport errors

> On Feb 11, 2017, at 8:14 AM, The Doctor <doctor@???> wrote:
>
> tls_require_ciphers expands to "ALL : SSLv2 : !LOW : !aNULL : !eNULL : !3DES : @STRENGTH"


Did you mean to exclude SSLv2 and forget the "!"?
You might consider something saner these days:

    DEFAULT:!SSLv2:!EXPORT:!LOW:!kECDH:!kDH:!3DES:!MD5:!SEED:!IDEA:@STRENGTH


In sufficiently recent versions of OpenSSL, some of the above exclusions
are already part of "DEFAULT" (which is "ALL:!aNULL", and, by the way,
"ALL" already excludes "eNULL" which is what "COMPLEMENTOFALL" consists of).

-- 
    Viktor.