Sorry for the slow replies, my mailing list subscription was
misconfigured
On 2022-09-28, Viktor Dukhovni via Exim-users <exim-users@???> wrote: > On Tue, Sep 27, 2022 at 02:39:19AM -0000, Jasen Betts via Exim-users wrote:
>
>> it's reachable here: eximtest.duckdns.org
>>
>> eg: $ testssl eximtest.duckdns.org:465
>>
>
> You said that ECDHE ciphers are not available, but a default connection
> with "posttls-finger" gives TLS 1.3 with an ECDHE cipher:
>
I did say that, I was working from scraped web pages of a third-party
analysis at the time... I've since found testssl.sh (which is easier to
use) and by tweaking the priority string have turned on the same
cyphers.
accordingto testssl.sh The only feature currently missing is
maximum_fragment_size, (and the ability to support several client platforms)
I think I may have to run a bisection search on the source code to figure out
where that fell off.
