Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSL…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Viktor Dukhovni
日付:  
To: exim users
題目: Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSLv3 disabled?

> On Mar 30, 2017, at 8:09 AM, Michael J. Tubby B.Sc. MIET <mike.tubby@???> wrote:
>
> I think I'm going to have to go and buy a plain RSA2048/SHA256
> cert from RapidSSL or Comodo for one host (relay1.thorcom.net)
> and see if the problem goes away :-(


Let's Encrypt certificates are easier to manage (auto-renewal
and deployment) and cheaper. You could try those.

I don't know whether Exim needs to be restarted to change
certificates, or picks up new certs automatically as clients
connect. I suspect the latter, with the TLS context
created and destroyed per connection.

That's why I suggested explicitly disabling session ticket
support, ... but I don't whether Exim already handles disabling
the session cache for you internally. It's the polite thing to
do if it is impossible to resume previous TLS sessions.

-- 
    Viktor.