After upgrading to openssl 1.0.1, my Perl script using Crypt::SSLeay was unable to connect as a client to a web server (https). I had to downgrade openssl to 1.0.0h on that machine (it runs Exim too).
Is the following (from Postfix 2.9.2 release notes) relevant to Exim? If yes, should we specify tls_require_ciphers main configuration option (Exim as server) or tls_require_ciphers smtp transport option (Exim as client)?

-----
| This release adds support to turn off the TLSv1.1 and TLSv1.2
| protocols. Introduced with OpenSSL version 1.0.1, these are known
| to cause inter-operability problems with for example hotmail.
|
| The radical workaround is to temporarily turn off problematic
| protocols globally:
|
| /etc/postfix/main.cf:
|     smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
|     smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
|
|     smtpd_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
|     smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
|
| However, it may be better to temporarily turn off problematic
| protocols for broken sites only:
|
| /etc/postfix/main.cf:
|     smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
|
| /etc/postfix/tls_policy:
|     example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
