On 31.05.2021 22:59, Viktor Dukhovni via Exim-users wrote:
I checked on exim built on FreeBSD 12 (with openssl 1.1) and it works fine -
but fails on other installation with openssl 1.0.
So what version of FreeBSD and OpenSSL are on the system with the
reported issue? Support for negotiated ECDHE groups has evolved in
OpenSSL over time. With older OpenSSL releases unless group selection
is explicitly set to "auto", the server picks some single default group,
which may not match this particular client's choice.
Sorry, I forgot to mention this.
This is OpenSSL 1.0.2u (base version for FreeBSD 11.4).
I could switch to 1.1.1k from ports but that would require rebuilding
exim and the rest.
I also could switch to libressl or even GnuTLS...
best regards
--
Marcin Gryszkalis, PGP 0xA5DBEEC7 http://fork.pl/gpg.txt
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
