Hello,

Thank you for your answer.

Yes, I am talking about EXIM with the use of OpenSSL. I understand that EXIM is limited to the specifications of the OpenSSL library.

Regards
JME

-----Original Message-----
From: Exim-users <[email protected]> On Behalf Of Jeremy Harris via Exim-users
Sent: Friday, 11 October 2019 11:55
To: [email protected]
Subject: Re: [exim] Define preferred encryption algorithms

On 10/10/2019 15:30, jmedard--- via Exim-users wrote:
> On Exim the order of the encryption string, present in "tls_require_ciphers"
> does not matter, the order is not used.
>
> I think this requires the switch to "Server preference", via the
> openssl_options: "+cipher_server_preference", but it is not enough for
> the server to define a recommended encryption algorithm.
>
> How is it possible to define a cipher algorithm preference, please?

Since you mention openssl_options I'm assuming you are using an Exim built for use with OpenSSL. Please double-check this, as it affects the answer.

We are limited by what the library provides. The openssl_options are fed to the SSL_CTX_set_options() interface (via some fairly-obvious processing). The tls_require_ciphers is fed to SSL_CTX_set_cipher_list().

http://exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html#SECTreqciphssl

talks about order of the list of ciphers, which to me implies that the library uses that order as a preference.

--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
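
The two settings discussed in this thread, written out together as an added example; it is not taken from the messages above or from the Exim documentation. The cipher names are sample values chosen for illustration, and the comments describe OpenSSL's documented behaviour for the two library calls named in the reply.

```conf
# Exim main configuration, for an Exim binary built against OpenSSL.
# Added illustration: the cipher names below are sample values only.

# Handed to SSL_CTX_set_cipher_list(). The colon-separated order is the
# order of the server's own list, most preferred first. That call covers
# TLS 1.2 and earlier; OpenSSL configures TLS 1.3 suites separately.
tls_require_ciphers = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

# Without the option below, an OpenSSL server follows the client's order,
# so the list above only restricts which ciphers may be negotiated.
#
# With it, SSL_OP_CIPHER_SERVER_PREFERENCE is set through
# SSL_CTX_set_options() and the server picks the first cipher in its own
# list that the client also offers.
openssl_options = +cipher_server_preference
```

Running `openssl ciphers -v` with the same string shows how the library expands it, listed in preference order.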
