On 30/09/2022 21:33, Viktor Dukhovni via Exim-users wrote:
On Fri, Sep 30, 2022 at 09:18:08PM +0100, Jeremy Harris via Exim-users wrote:
On 30/09/2022 20:28, Viktor Dukhovni via Exim-users wrote:
Does "s_client -tls1_1 -cipher ALL:@SECLEVEL=0" work? Let's first
sort that out.
It does not. The same Fatal Alert.
Presumably it'll work for you if you connect to:
[dnssec-stats.ant.isi.edu]:25
It does.
So the barrier is some interaction between Exim and OpenSSL that makes
TLS 1.0 and 1.1 unavailable.
Yes, or the system my test server is running on forcing no TLSv1.1 support
(do/can they do that?)
Could the min/max protocol stuff mentioned in
https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html
be affecting it?
Exim has no SSL_CONF_* calls currently; probably never has in it's
history.
I'm not sure how to debug. Does OpenSSL offer detailed internal
debug the way that GnuTLS does?
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
