Re: [exim] Exim 4.92-RC1

Góra strony
Delete this message
Reply to this message
Autor: Torsten Tributh
Data:  
Dla: exim-users
Temat: Re: [exim] Exim 4.92-RC1
Hi,

I tested under Debian Buster (actual testing version)
with openssl. After the installation I lost the possibility to serve TLS
to TLS1.0 and TLS1.1 Clients.

Debian buster runs with openssl 1.1.1 and a new TLS security setting.

In /etc/ssl/openssl.cnf we find

CipherString = DEFAULT@SECLEVEL=2

Of course there could be just a change to SECLEVEL=1 or SECLEVEL=0,

but than the security for the whole system will change.


With adding

SSL_CTX_set_min_proto_version(sctx, 0);

in tls-openssl.c

exim was able to serve TLS1.0 & TLS1.1 again.

I am not right sure where would be the best place to add this setting.

Regards

Torsten

Am 14.12.18 um 08:42 schrieb Heiko Schlittermann via Exim-users:
> I've built and uploaded Exim 4.92-RC1 to
>
>     https://ftp.exim.org/pub/exim/exim4/test

>
> The current ChangeLog (since 4.91) and NewStuff files are attached to
> this message. The tree is still open for commits. Please check if
> you've any pending bugfixes or additions.
>
> We need you: Please download, build and check the release candidate(s).
>
> All files there are signed with my GPG key
>     0xD0BFD6B9ECA5694A6F149DCEAF4CC676A6B6C142
> The same key I used to sign this mail.

>
> ** We encourage you to check the signatures of the source tarballs.
> ** The signatures are in the above mentioned location AND attached to
> ** this message.
>
>     Best regards from Dresden/Germany
>     Viele Grüße aus Dresden
>     Heiko Schlittermann
> --
>  SCHLITTERMANN.de ---------------------------- internet & unix support -
>  Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
>  gnupg encrypted messages are welcome --------------- key ID: F69376CE -

>
>

--
Torsten