Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSL…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Viktor Dukhovni
Datum:  
To: exim users
Betreff: Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSLv3 disabled?

> On Mar 30, 2017, at 8:09 AM, Michael J. Tubby B.Sc. MIET <mike.tubby@???> wrote:
>
> I think I'm going to have to go and buy a plain RSA2048/SHA256
> cert from RapidSSL or Comodo for one host (relay1.thorcom.net)
> and see if the problem goes away :-(


Let's Encrypt certificates are easier to manage (auto-renewal
and deployment) and cheaper. You could try those.

I don't know whether Exim needs to be restarted to change
certificates, or picks up new certs automatically as clients
connect. I suspect the latter, with the TLS context
created and destroyed per connection.

That's why I suggested explicitly disabling session ticket
support, ... but I don't whether Exim already handles disabling
the session cache for you internally. It's the polite thing to
do if it is impossible to resume previous TLS sessions.

-- 
    Viktor.