Dňa 24. mája 2025 18:16:48 UTC používateľ Andrew C Aitchison via Exim-users <exim-users@lists.exim.org> napísal: >On Sat, 24 May 2025, Slawomir Dworaczek via Exim-users wrote: > >> How to disable depracated protocols Tls 1 and tls 1.1 and enable only strong >> protocols > >Does your exim use GnuTLS or OpenSSL - > exim -bV | grep Support >should tell you ? > >Eugene Berdnikov said: >> But if you are looking for adventures, ask google how to adjust >> openssl_options (if your Exim was compiled with OpenSSL library) >> or tls_require_ciphers (if Exim was compiled with GnuTLS). > >Note that tls *ciphers* are different from the *protocols* and you >may or may not wish to keep tls 1.0 or 1.1 ciphers >even if you disable these protocols.
Priority string for GnuTLS can enable/disable all aspects of TLS, including cipher suites, protocols, signatures, groups, etc... No need to bother with multiple options as in OpenSSL. And GnuTLS's system config can be really system wide config... regards -- Slavko https://www.slavino.sk/ -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
