On Fri, Dec 14, 2018 at 05:18:44PM +0100, Torsten Tributh via Exim-users wrote: > I tested under Debian Buster (actual testing version)
> with openssl. After the installation I lost the possibility to serve TLS
> to TLS1.0 and TLS1.1 Clients.
>
> Debian buster runs with openssl 1.1.1 and a new TLS security setting.
>
> In /etc/ssl/openssl.cnf we find
>
> CipherString = DEFAULT@SECLEVEL=2
>
> Of course there could be just a change to SECLEVEL=1 or SECLEVEL=0,
Do not touch it. In [system_default_sect] of openssl.cnf there should be
line "MinProtocol = TLSv1.2" (debian-specific system restriction),
just change it to allow lower TLS version.
--
Eugene Berdnikov
