Re: [exim] Cipher suites identifier

Author: Phil Pennock
Date:  
To: Luciano Rinetti
CC: Exim-users
Subject: Re: [exim] Cipher suites identifier
On 2017-08-01 at 19:10 +0200, Luciano Rinetti wrote:
> #exim -bV

[...]
> GnuTLS compile-time version: 2.8.6
> GnuTLS runtime version: 2.8.6


On 2017-08-05 at 11:09 +0200, Luciano Rinetti wrote:
> #exim -bV
> Exim version 4.74 #1 built 24-May-2011 20:35:05

[...]
> GnuTLS compile-time version: 2.8.6
> GnuTLS runtime version: 2.8.6


Since you've reposted the exact same information four days later, I'm
confused. The request for information was:

} What it means ? Are GNUTLS encrypted sessions or OpenSSL encrypted
} sessions ?

I think that your reposting means that you didn't notice these lines in
the output? So: they're GnuTLS connections.

Exim supports _either_ OpenSSL _or_ GnuTLS. If you see one in the
version output, then that is the TLS library provider in use.

That's an old version of Exim, which pre-dates a bug-fix where for
GnuTLS support we were reporting the size in bytes, not bits. So the
":32" at the end of "X=TLS1.0:RSA_AES_256_CBC_SHA1:32" is 32 8-bit
bytes, or ":256" if expressed in bits.

Exim's GnuTLS support was overhauled in 4.80 and has been improved
since; the code in 4.74 only supports some old ciphersuites which will
be increasingly limiting on today's Internet. I would not recommend
those suites today.

(History: when GnuTLS support was added to Exim, GnuTLS was missing some
API features which would let it handle a lot of the feature tuning, so
the Exim glue code did a lot of low-level tinkering itself. Over time,
GnuTLS became more full-featured and so several years back we rewrote
Exim's bindings to use the GnuTLS features. With newer Exim, you get
TLS1.2 support and much more modern ciphers.)

Be very _very_ careful with online documentation around TLS for such an
old version of Exim. Make sure that you're looking at the documentation
for _that_ version, not the current documentation.

With newer Exim, run >> exim -d-all+dns -bV << to see the library
versions of everything (the TLS library stuff is no longer shown by
default).

-Phil
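Added example (not part of Phil's message or of Exim's own code): a small parser for the X= field in Exim main-log lines, which normalises the trailing key-size number. On the old GnuTLS build discussed above the number is a byte count (":32" for a 256-bit AES suite); on newer builds, and on OpenSSL builds, it is bits. The parser spots the old form by comparing the logged number with the key size implied by the bulk-cipher token in the suite name. The token table and the sample log lines are constructed for this example and are assumptions, not an Exim table or real log data.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Exim logs TLS details as X=<protocol>:<suite>:<keysize>.  GnuTLS builds
# separate suite components with "_" and OpenSSL builds with "-", so both
# are allowed in the suite name.
X_FIELD = re.compile(
    r"\bX=(?P<proto>[A-Za-z0-9.]+):(?P<suite>[A-Za-z0-9_+-]+):(?P<size>\d+)"
)

# Key size implied by the bulk-cipher token in the suite name.  This is a
# heuristic table written for this example (assumption), searched in order.
CIPHER_BITS = [
    ("AES_256", 256), ("AES256", 256),
    ("AES_128", 128), ("AES128", 128),
    ("CAMELLIA_256", 256), ("CAMELLIA256", 256),
    ("CAMELLIA_128", 128), ("CAMELLIA128", 128),
    ("CHACHA20", 256),
    ("3DES", 168), ("DES-CBC3", 168),
    ("ARCFOUR_128", 128), ("RC4", 128),
]


@dataclass
class TlsInfo:
    protocol: str
    suite: str
    reported: int      # number exactly as it appears in the log line
    bits: int          # key size normalised to bits
    was_bytes: bool    # True when the log value looked like the old byte count


def expected_bits(suite: str) -> Optional[int]:
    """Key size the suite name implies, or None if the cipher is unknown."""
    for token, bits in CIPHER_BITS:
        if token in suite:
            return bits
    return None


def parse_x_field(line: str) -> Optional[TlsInfo]:
    """Extract and normalise the X= field; None if the line has no TLS info."""
    m = X_FIELD.search(line)
    if not m:
        return None
    proto, suite, size = m["proto"], m["suite"], int(m["size"])
    exp = expected_bits(suite)
    # Old Exim GnuTLS builds (pre-4.80) logged the key size in bytes.  If the
    # logged number is exactly one eighth of what the cipher name implies,
    # treat it as a byte count and scale it to bits.
    if exp is not None and size * 8 == exp:
        return TlsInfo(proto, suite, size, exp, True)
    return TlsInfo(proto, suite, size, size, False)


# Constructed sample lines (assumption: not copied from any real log).
# Line 1 mimics the old GnuTLS byte-count form quoted in the thread,
# line 2 a newer GnuTLS build, line 3 an OpenSSL build, line 4 plain SMTP.
SAMPLE_LOG = """\
2017-08-01 19:10:02 1dcXk1-0001aB-2C <= user@example.org H=mail.example.org [192.0.2.10] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 S=1234
2017-08-01 19:11:45 1dcXkx-0001aC-3D <= user@example.net H=mx.example.net [192.0.2.20] P=esmtps X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 S=2345
2017-08-01 19:12:10 1dcXlM-0001aD-4E <= user@example.com H=smtp.example.com [192.0.2.30] P=esmtps X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 S=3456
2017-08-01 19:12:30 1dcXlZ-0001aE-5F <= user@example.com H=smtp.example.com [192.0.2.30] P=esmtp S=111
"""


def summarise(log: str) -> list:
    """Parse every line of a log and keep only those with a TLS X= field."""
    return [info for info in (parse_x_field(l) for l in log.splitlines()) if info]


if __name__ == "__main__":
    for info in summarise(SAMPLE_LOG):
        flag = " (logged as bytes, old GnuTLS build)" if info.was_bytes else ""
        print(f"{info.protocol} {info.suite} {info.bits}-bit{flag}")
```

The byte-count check is deliberately narrow: it only rewrites the number when it is exactly one eighth of the size the suite name implies, so modern lines pass through untouched and an unknown cipher token leaves the logged value as it is rather than guessing.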