Re: [exim] GnuTTS woes

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] GnuTTS woes
On 29/09/2022 05:59, Viktor Dukhovni via Exim-users wrote:
> But does the server support TLS 1.1 and
> below? Perhaps Exim (or GnuTLS) defaults to TLS 1.2 or higher?


This will depend on the main-config option "tls_require_ciphers",
which for GnuTLS is a "priority string". See the GnuTLS docs,
eg.
https://www.gnutls.org/manual/html_node/Priority-Strings.html

The Exim default for the option (with GnuTLS) is "NORMAL" - you get
whatever the GnuTLS library version decides.
That could in turn depend on per-system policies.

Note that permitting TLSv1.1 is downgrading your security.
You might want to only permit it for this client, eg. by
using an expansion depending on the IP. Doing so will, however,
mean that Exim cannot pre-load that portion of library setup.
--
Cheers,
Jeremy
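
The per-client approach described in the message above, written out as an added configuration example (not part of the original message and not taken from the Exim project). It assumes a GnuTLS build of Exim; 192.0.2.25 is a placeholder for the legacy client's address, and whether `+VERS-TLS1.1` takes effect can still depend on the system-wide GnuTLS policy.

```exim
# Main configuration section, Exim built against GnuTLS.

# Global form, shown commented out for comparison: it would let
# EVERY peer negotiate TLS 1.1, not just the legacy client.
# tls_require_ciphers = NORMAL:+VERS-TLS1.1

# Scoped form: the GnuTLS priority string is chosen per connection.
# Only the one legacy client (placeholder address, an assumption of
# this example) gets TLS 1.1 added; all other peers keep the library
# default "NORMAL".
# Because the value depends on $sender_host_address, it has to be
# expanded for each connection, so Exim cannot pre-load this part of
# the TLS library setup.
tls_require_ciphers = ${if eq{$sender_host_address}{192.0.2.25}\
                        {NORMAL:+VERS-TLS1.1}\
                        {NORMAL}}
```

To see which protocol versions a priority string actually yields on a given host, `gnutls-cli --list --priority 'NORMAL:+VERS-TLS1.1'` prints the resulting cipher suites and protocols.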