https://bugs.exim.org/show_bug.cgi?id=2872

--- Comment #4 from Jeremy Harris <jgh146...@wizmail.org> ---
OpenSSL has separate API calls for TLSv1.3 and pre-1.3 ciphersuites.
If you don't call either, you get a default set for that version of TLS.

I'd expect it, if a (set of) 1.3 ciphers was requested which did
not match those selected by a peer, to fall back to using a cipher from
the pre-1.3 set, on a 1.2 connection (assuming there was one).  But it does
not; the server rejects the Client Hello with a "Handshake failed" alert.

This is less than useful; it means a server cannot restrict the 1.3 ciphers
it offers yet still offer both 1.3 and 1.2 service with a single configuration.

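The split between the two cipher lists that the comment describes can be observed from Python's ssl module, which wraps OpenSSL; this is an added example, not code from Exim or from the bug report. It relies on SSLContext.set_ciphers() configuring only the pre-1.3 cipher list, so the TLSv1.3 suites stay at the library default; the function names and the cipher string "ECDHE+AESGCM" are chosen here for illustration.

```python
import ssl


def enabled_suites(ctx):
    """Split a context's enabled ciphers into TLSv1.3 and pre-1.3 lists."""
    tls13, pre13 = [], []
    for cipher in ctx.get_ciphers():
        if cipher["protocol"] == "TLSv1.3":
            tls13.append(cipher["name"])
        else:
            pre13.append(cipher["name"])
    return {"tls13": tls13, "pre13": pre13}


def restrict_pre13(cipher_string="ECDHE+AESGCM"):
    """Restrict only the pre-1.3 list and report both lists before and after.

    cipher_string is an illustrative OpenSSL cipher string, not a
    recommendation taken from the bug report.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    before = enabled_suites(ctx)
    # set_ciphers() feeds the pre-1.3 cipher list only; the TLSv1.3
    # ciphersuite list is a separate setting and is left untouched.
    ctx.set_ciphers(cipher_string)
    after = enabled_suites(ctx)
    return before, after


def audit(before, after):
    """Return findings a configuration review would flag."""
    findings = []
    if after["tls13"] == before["tls13"]:
        findings.append("TLSv1.3 suites still at library default")
    if after["pre13"] != before["pre13"]:
        findings.append("pre-1.3 list restricted to %d suites" % len(after["pre13"]))
    return findings


if __name__ == "__main__":
    before, after = restrict_pre13()
    print("TLSv1.3 before:", before["tls13"])
    print("TLSv1.3 after: ", after["tls13"])
    print("pre-1.3 after: ", after["pre13"])
    for finding in audit(before, after):
        print("finding:", finding)
```

Reviewing a configuration this way shows which of the two lists a given setting actually changed before it is deployed to a server that offers both 1.3 and 1.2.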