On 2013-01-29 at 11:53 -0600, Raymond Norton wrote: > (Ubuntu 12.0.4 - Exim4 -Baruwa 2.0.0)
This doesn't tell us anything about which version of Exim is used beyond that it's something in "Exim4". There have been significant changes in recent Exim 4 when it comes to GnuTLS configuration, entirely replacing which configuration directives are used. See README.UPDATING as of 4.80 or later. > I'm getting a lot of the following in my logs, but don't know if it is > normal, or an issue with my configuration, Your configuration. > 11:26:20 6310 LOG: MAIN > 11:26:20 6310 TLS error on connection from (mail-oa0-f70.google.com) > [209.85.219.70] (gnutls_handshake): No supported cipher suites have been > found. Google do not use unusual ciphersuites; not _default_ for things like OpenSSL, as they strongly bias towards RC4-SHA for performance reasons, but that should be accepted by you for connections from the Internet, as it's normal and reasonable. In mails from google.com machines, my logs record X=TLSv1:RC4-SHA:128 (and I support newer versions of TLS). (Beware that for licensing/legal reasons, RC4 is sometimes spelt ARCFOUR, especially in GnuTLS.) Assuming you're using Exim 4.80.1 or somesuch, then pass whatever you gave the "tls_require_ciphers" option in Exim to the gnutls-list-ciphers(1) command. A sane value for tls_require_ciphers in the main section, where you're controlling TLS connections from the open Internet, might be: tls_require_ciphers = NORMAL:%COMPAT -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
