http://bugs.exim.org/show_bug.cgi?id=674

--- Comment #9 from Phil Pennock <[EMAIL PROTECTED]> 2008-08-14 05:49:32 ---

Created an attachment (id=261) --> (http://bugs.exim.org/attachment.cgi?id=261)
New global option, openssl_load_all

I think this is a reasonable compromise and sensible way forward for now, without undermining the whole point of the exercise.

A new option, available when SUPPORT_TLS defined, "openssl_load_all". It's a boolean, default false. It is a fatal error to set this true without also defining "tls_require_ciphers".

The theory being that anyone who knows to load all algorithms knows enough to make their own educated decision about a cipher policy but that loading all algorithms has the risk of adding new dangerous ciphers that should not be present and would be a security step backwards.

This avoids Exim needing to push a cipher which can become stale and puts Exim only in the position of having some mild protection against accidental shooting of self in foot.

I was able to use Martin's sha256 stuff successfully with this patch.

Documentation patch to come next, when I write it.
