Re: [exim] GnuTTS woes

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Jasen Betts at <-
MMViktor Dukhovni at ->
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] GnuTTS woes
On Tue, Sep 27, 2022 at 02:39:19AM -0000, Jasen Betts via Exim-users wrote:

> it's reachable here: eximtest.duckdns.org
>
> eg: $ testssl eximtest.duckdns.org:465
>

You said that ECDHE ciphers are not available, but a default connection
with "posttls-finger" gives TLS 1.3 with an ECDHE cipher: 

    posttls-finger: Untrusted TLS connection established
        to eximtest.duckdns.org[2400:8907::f03c:93ff:fe2d:f557]:25:
        TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
        key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits)
        server-digest SHA256


If I force TLS 1.2, I get (slightly less detailed cipher breakdown for
TLS 1.2 in Postfix): 

    posttls-finger: Untrusted TLS connection established
        to eximtest.duckdns.org[2400:8907::f03c:93ff:fe2d:f557]:25:
        TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)


Either this is not the server in question, or ECDHE is working just
fine... 

-- 
    Viktor.


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Exim relaying but shouldn'tRe: [exim] Exim relaying but shouldn't->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)