Re: [exim] SSL forcing

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Jeremy Harris
Datum:  
To: exim-users
Betreff: Re: [exim] SSL forcing
On 19/05/2019 18:00, Cyborg via Exim-users wrote:
> Problem is, that even if tls_1.2 is out since 2008, a communication
> partner may use SSLv3 or TLS 1.0/1.1 and  using just "encrypted = *" ,
> you will accept i
>
> It's better to check the protocol via $tls_cipher for tls 1.2 and 1.3 ,
> and reject anything not 1.2 or 1.3.


If you are concerned about TLS versions, the easiest configuration
is using tls_require_ciphers (for GnuTLS, where it is a GnuTLS priority
string) or openssl_options (for OpenSSL).

--
Cheers,
Jeremy