Am 28.09.22 um 16:28 schrieb Viktor Dukhovni via Exim-users:
Ditto on port 465 and with IPv4:
$ posttls-finger -c -lmay -Lsummary -w -o inet_protocols=ipv4 -p TLSv1.2
"[eximtest.duckdns.org]:465"
posttls-finger: Untrusted TLS connection established
to eximtest.duckdns.org[172.105.179.7]:465:
TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Same with openssl: TLS 1.3 openssl s_client --connect eximtest.duckdns.org:25 -starttls smtp CONNECTED(00000003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 ... New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit TLS 1.2: New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported But your key is a bit short. I suggest to upgrade it to at least 4096 bits. best regards, Marius
OpenPGP_0x048770A738345DD3.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
