On Fri, Sep 23, 2022 at 05:50:29AM -0000, Jasen Betts via Exim-users wrote:
> My testing mainly involves telling exim to listen on poert 443 with
> implicit SSL and then hitting it with www.sslcheck.com
>
> tls_on_connect_ports = 465:443
> daemon_smtp_ports = 25:465:587:443
>
> and this testing also shows a change in the availalbe suites.
>
> It mainly seems to be ECDH suites that are no longer avaialable.
There's a big difference between "ECDH" and "ECDHE", the "fixed" DH/ECDH
ciphers are deprecated, rarely used, and should not be used. While DHE
and ECDHE ciphers are preferred. If GnuTLS disabled these, no harm done.
If you post the name of the server, it would be possible for others to
confirm your observations and perhaps offer more detailed help.
--
Viktor.
