On 2012-05-21 at 02:45 +0700, Janne Snabb wrote: > On 2012-05-21 01:34, Janne Snabb wrote: > > Maybe NSS is unable to create/use bigger keys than 2048 bits? > > I found the actual limit in NSS sources in > mozilla/security/nss/lib/freebl/blapit.h:
You are awesome. Thank you. > http://sourceforge.net/mailarchive/forum.php?thread_name=4C81BB9E.9010808%40iang.org&forum_name=ssllabs-discuss > > Something like the patch below might be needed. Disgusting :(. I'll make it an Exim tunable option as a max clamp and default it to the NSS value of 2236. Then I'll cut RC3. I've separately fixed that tls_require_ciphers was being ignored, sorry about that. -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
