Hi,
I tested under Debian Buster (the current testing version)
with openssl. After the installation I lost the possibility to serve TLS
to TLS1.0 and TLS1.1 clients.
Debian buster runs with openssl 1.1.1 and a new TLS security setting.
In /etc/ssl/openssl.cnf we find

    CipherString = DEFAULT@SECLEVEL=2

Of course there could be just a change to SECLEVEL=1 or SECLEVEL=0,
but then the security for the whole system will change.
After adding

    SSL_CTX_set_min_proto_version(sctx, 0);

in tls-openssl.c, exim was able to serve TLS1.0 & TLS1.1 again.
I am not quite sure where the best place to add this setting would be.
Regards
Torsten
On 14.12.18 at 08:42, Heiko Schlittermann via Exim-users wrote:
> I've built and uploaded Exim 4.92-RC1 to
>
> https://ftp.exim.org/pub/exim/exim4/test
>
> The current ChangeLog (since 4.91) and NewStuff files are attached to
> this message. The tree is still open for commits. Please check if
> you've any pending bugfixes or additions.
>
> We need you: Please download, build and check the release candidate(s).
>
> All files there are signed with my GPG key
> 0xD0BFD6B9ECA5694A6F149DCEAF4CC676A6B6C142
> The same key I used to sign this mail.
>
> ** We encourage you to check the signatures of the source tarballs.
> ** The signatures are in the above mentioned location AND attached to
> ** this message.
>
> Best regards from Dresden/Germany
> Many greetings from Dresden
> Heiko Schlittermann
> --
> SCHLITTERMANN.de ---------------------------- internet & unix support -
> Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
> gnupg encrypted messages are welcome --------------- key ID: F69376CE -
>
>
--
Torsten
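
To see which floor the system-wide configuration imposes before touching either openssl.cnf or the application, the following added example (not part of the original message and not Exim code) parses an openssl.cnf-style file and follows the section chain to the system defaults. The sample file is constructed; `MinProtocol` is a setting OpenSSL 1.1.1 reads from the same section as `CipherString` and is an addition not quoted in the message, and the parser assumes plain `key = value` lines without `.include` or variable expansion.

```python
import re

# Constructed sample, laid out the way openssl.cnf chains sections to reach
# the system-wide TLS defaults; not copied from any particular host.
SAMPLE_CNF = """\
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2   # protocol floor
CipherString = DEFAULT@SECLEVEL=2
"""

def parse_sections(text):
    """Return {section: {key: value}}; keys before any header go in 'default'."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            # split once so values such as DEFAULT@SECLEVEL=2 stay intact
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def system_tls_defaults(text):
    """Follow openssl_conf -> ssl_conf -> system_default and report the floor."""
    s = parse_sections(text)
    name = s["default"].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = s.get(name, {}).get(key)       # None if the chain is broken
    settings = s.get(name, {})
    level = re.search(r"@SECLEVEL=(\d)", settings.get("CipherString", ""))
    return {"section": name, "min_protocol": settings.get("MinProtocol"),
            "seclevel": int(level.group(1)) if level else None}

if __name__ == "__main__":
    print(system_tls_defaults(SAMPLE_CNF))
```

A result with every field `None` means the file does not chain to a system default section, so any protocol floor comes from the library build or the application itself.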