Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSL…

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] SSL3_GET_CLIENT_HELLO No shared cipher - when SSLv3 disabled?
Viktor Dukhovni <exim-users@???> (Thu 30 Mar 2017 16:52:38 CEST):

> I don't know whether Exim needs to be restarted to change
> certificates, or picks up new certs automatically as clients
> connect. I suspect the latter, with the TLS context
> created and destroyed per connection.


You're right, Exim picks up the cert/keys per connection, as the
relevant options are expandable at runtime. (But, as far as I know,
currently not based on the key that is requested, so we do not support
multiple key setups for the same CN, as far as I know. But I may be
wrong, as always.)

--
Heiko