https://bugs.exim.org/show_bug.cgi?id=2822
--- Comment #2 from Andreas Metzler <eximusers@???> ---
Hello,
I can reproduce this with exim 4.95, and gnutls 3.7.2. Minimal testcase is
running "sslscan --tls12" against
a) exim without custom gnutls priority string
and
b) ex-serv-x509.c from the gnutls distribution ( with the calls for reading
ocsp and crl file commented out) with both instances using the same gnutls
versions and certificates. This shows the following major difference:
-----------
Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve 25519 DHE 253
+Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 256 bits ECDHE-RSA-CHACHA20-POLY1305 Curve 25519 DHE 253
+Accepted TLSv1.2 256 bits DHE-RSA-CHACHA20-POLY1305 DHE 2048 bits
+Accepted TLSv1.2 256 bits DHE-RSA-AES256-CCM DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve 25519 DHE 253
+Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
+Accepted TLSv1.2 128 bits DHE-RSA-AES128-CCM DHE 2048 bits
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253
+Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
+Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-CCM
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
-----------
Since ex-serv-x509.c is very short this should help. (There is no difference
with --tls13).
--
You are receiving this mail because:
You are on the CC list for the bug.
