https://bugs.exim.org/show_bug.cgi?id=2822
--- Comment #2 from Andreas Metzler <[email protected]> --- Hello, I can reproduce this with exim 4.95, and gnutls 3.7.2. Minimal testcase is running "sslscan --tls12" against a) exim without custom gnutls priority string and b) ex-serv-x509.c from the gnutls distribution ( with the calls for reading ocsp and crl file commented out) with both instances using the same gnutls versions and certificates. This shows the following major difference: ----------- Supported Server Cipher(s): Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve 25519 DHE 253 +Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits Accepted TLSv1.2 256 bits ECDHE-RSA-CHACHA20-POLY1305 Curve 25519 DHE 253 +Accepted TLSv1.2 256 bits DHE-RSA-CHACHA20-POLY1305 DHE 2048 bits +Accepted TLSv1.2 256 bits DHE-RSA-AES256-CCM DHE 2048 bits Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve 25519 DHE 253 +Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits +Accepted TLSv1.2 128 bits DHE-RSA-AES128-CCM DHE 2048 bits Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253 +Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253 +Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits Accepted TLSv1.2 256 bits AES256-GCM-SHA384 Accepted TLSv1.2 256 bits AES256-CCM Accepted TLSv1.2 128 bits AES128-GCM-SHA256 ----------- Since ex-serv-x509.c is very short this should help. (There is no difference with --tls13). -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
