Re: [exim] Cipher suites identifier

Author: Luciano Rinetti
Date:  
To: exim-users
Subject: Re: [exim] Cipher suites identifier
Thank you, Phil.
Is there a tool, like eximstats, that can help me get the percentage
of SMTP connections that are encrypted
between my Exim4 server and other mail servers?


On 06/08/2017 01:31, Phil Pennock wrote:
> On 2017-08-01 at 19:10 +0200, Luciano Rinetti wrote:
>> #exim -bV
> [...]
>> GnuTLS compile-time version: 2.8.6
>> GnuTLS runtime version: 2.8.6
> On 2017-08-05 at 11:09 +0200, Luciano Rinetti wrote:
>> #exim -bV
>> Exim version 4.74 #1 built 24-May-2011 20:35:05
> [...]
>> GnuTLS compile-time version: 2.8.6
>> GnuTLS runtime version: 2.8.6
> Since you've reposted the exact same information four days later, I'm
> confused. The request for information was:
>
> } What it means ? Are GNUTLS encrypted sessions or OpenSSL encrypted
> } sessions ?
>
> I think that your reposting means that you didn't notice these lines in
> the output? So: they're GnuTLS connections.
>
> Exim supports _either_ OpenSSL _or_ GnuTLS. If you see one in the
> version output, then that is the TLS library provider in use.
>
> That's an old version of Exim, which pre-dates a bug-fix where for
> GnuTLS support we were reporting the size in bytes, not bits. So the
> ":32" at the end of "X=TLS1.0:RSA_AES_256_CBC_SHA1:32" is 32 8-bit
> bytes, or ":256" if expressed in bits.
>
> Exim's GnuTLS support was overhauled in 4.80 and has been improved
> since; the code in 4.74 only supports some old ciphersuites which will
> be increasingly limiting on today's Internet. I would not recommend
> those suites today.
>
> (History: when GnuTLS support was added to Exim, GnuTLS was missing some
> API features which would let it handle a lot of the feature tuning, so
> the Exim glue code did a lot of low-level tinkering itself. Over time,
> GnuTLS became more full-featured and so several years back we rewrote
> Exim's bindings to use the GnuTLS features. With newer Exim, you get
> TLS1.2 support and much more modern ciphers.)
>
> Be very _very_ careful with online documentation around TLS for such an
> old version of Exim. Make sure that you're looking at the documentation
> for _that_ version, not the current documentation.
>
> With newer Exim, run >> exim -d-all+dns -bV << to see the library
> versions of everything (the TLS library stuff is no longer shown by
> default).
>
> -Phil
>


--
Cordiali Saluti / Best Regards

Luciano Rinetti
l.rinetti@???
Mob. 335.7878.602

Movimatica S.r.l.
www.movimatica.com - info@???
______________________________________________
Operating office:
Centro Pier della Francesca
Fabbricato 4, Scala P, 2° Piano
C.so Svizzera, 185 - 10149 Torino - Italy
Tel. +39 011 7767694 - Fax +39 011 746179
______________________________________________
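
An added example, not part of the original thread and not Exim project code: a small Python parser that counts main-log arrival and delivery lines involving a remote host (`H=`) and reports the share that carry an `X=` field, converting the trailing cipher size from bytes to bits as described above for the old GnuTLS output. The log lines are constructed samples, `size_in_bytes` is a hypothetical parameter the caller sets for a pre-fix build, it assumes the default `tls_cipher` logging is on, and it counts message lines, which only approximates connections.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log style (not taken from the thread).
SAMPLE_LOG = """\
2017-08-05 11:09:01 1deAbC-0001Xy-2Z <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 S=1834
2017-08-05 11:09:02 1deAbC-0001Xy-2Z => bob@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.5] X=TLS1.0:RSA_AES_256_CBC_SHA1:32
2017-08-05 11:10:15 1deAbD-0001Yz-3A <= carol@example.com H=relay.example.com [203.0.113.7] P=esmtp S=912
2017-08-05 11:10:16 1deAbD-0001Yz-3A => dave <dave@example.org> R=local_user T=local_delivery
2017-08-05 11:12:40 1deAbE-0001Za-4B => erin@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.5]
"""

# Arrival (<=), delivery (=>) and additional-address (->) lines.
DIRECTION = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ (<=|=>|->) ")
HOST = re.compile(r" H=\S+")      # present only when a remote host is involved
XFIELD = re.compile(r" X=(\S+)")  # present only when the session used TLS


def parse_x(value, size_in_bytes=False):
    """Split an X= value into (protocol, cipher, bits).

    size_in_bytes=True is for old GnuTLS builds that logged the key size
    in bytes (":32") instead of bits (":256").
    """
    parts = value.split(":")
    bits = None
    if len(parts) >= 3 and parts[-1].isdigit():
        bits = int(parts[-1]) * (8 if size_in_bytes else 1)
        return parts[0], ":".join(parts[1:-1]), bits
    return parts[0], ":".join(parts[1:]), bits


def tls_summary(log_text, size_in_bytes=False):
    """Return (total, encrypted, percent, Counter of (protocol, cipher, bits))."""
    total = encrypted = 0
    suites = Counter()
    for line in log_text.splitlines():
        if not DIRECTION.match(line) or not HOST.search(line):
            continue  # not a message line, or a purely local arrival/delivery
        total += 1
        match = XFIELD.search(line)
        if match:
            encrypted += 1
            suites[parse_x(match.group(1), size_in_bytes)] += 1
    percent = 100.0 * encrypted / total if total else 0.0
    return total, encrypted, percent, suites


if __name__ == "__main__":
    print(tls_summary(SAMPLE_LOG, size_in_bytes=True))
```

The per-suite counter also shows how much traffic still negotiates the older suites the reply advises against.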