On 28.09.22 at 16:28, Viktor Dukhovni via Exim-users wrote:
>
> Ditto on port 465 and with IPv4:
>
> $ posttls-finger -c -lmay -Lsummary -w -o inet_protocols=ipv4 -p TLSv1.2 "[eximtest.duckdns.org]:465"
> posttls-finger: Untrusted TLS connection established
> to eximtest.duckdns.org[172.105.179.7]:465:
> TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
Same with openssl:

TLS 1.3:

openssl s_client --connect eximtest.duckdns.org:25 -starttls smtp
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
...
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit

TLS 1.2:

New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported

But your key is a bit short. I suggest upgrading it to at least 4096 bits.

Best regards,
Marius