Re: [exim] TLS error no shared cipher with SSL_accept: error…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Marcin Gryszkalis
Date:  
À: exim-users
Sujet: Re: [exim] TLS error no shared cipher with SSL_accept: error in error
On 31.05.2021 22:59, Viktor Dukhovni via Exim-users wrote:
>> I checked on exim built on FreeBSD 12 (with openssl 1.1) and it works fine - but fails on other installation with openssl 1.0.
>
> So what version of FreeBSD and OpenSSL are on the system with the
> reported issue? Support for negotiated ECDHE groups has evolved in
> OpenSSL over time. With older OpenSSL releases unless group selection
> is explicitly set to "auto", the server picks some single default group,
> which may not match this particular client's choice.


Sorry, I forgot to mention this.

This is OpenSSL 1.0.2u (base version for FreeBSD 11.4).

I could switch to 1.1.1k from ports but that would require rebuilding
exim and the rest.
I also could switch to libressl or even GnuTLS...

best regards
--
Marcin Gryszkalis, PGP 0xA5DBEEC7 http://fork.pl/gpg.txt