On Sat, Sep 18, 2021 at 10:58:33AM +0100, Sabahattin Gucukoglu via Exim-users wrote:
> Is there really a good reason? I do it chiefly because I like
> OpenSSL’s cipher selection (I want very permissive, ordered by
> @STRENGTH, and TLS 1.3 would be nice). There were also horror stories
> about RNG entropy starvation caused by GnuTLS.
OpenSSL is a good choice for ensuring interoperable TLS support. GnuTLS
has had in the past its share of various quirks that have led to
unwanted or surprising behaviour. I used to hear it derided as "GunTLS"
(as in foot-gun).
That said, GnuTLS has been around for quite some time now, and likely
most of the kinks have been worked out.
You could reach out to the Debian community and see whether they're
willing to also provide an alternative pre-packaged Exim built against
OpenSSL.
--
Viktor.