On 2013-09-02 at 08:56 +0200, Heiko Schlittermann wrote:
> Newer Exims (4.8x) seem to have a lower default when using GnuTLS. If I raise
> the dh_min_bits to 2048 I see the same behaviour as with the 4.76 version.
>
> tls_require_ciphers I didn't try yet, but I'll do.

I've tracked down the problem. In older releases, Debian used to patch up the value passed to gnutls_dh_set_prime_bits() to 2048, so they broke TLS interop with most non-Exim deployments of mail-servers with EDH support, since AFAIK most other software defaults the parameters generated, for server-side, to 1024 bits. This is why I couldn't find the issue in the Exim source.

-Phil
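The interop failure described in this message, modelled as an added example (not code from the original post, Exim or GnuTLS): a client-side minimum like the one set through gnutls_dh_set_prime_bits() is compared against the size of the prime the server sends in its ServerDHParams. The function names and the sample parameters are hypothetical and constructed for illustration.

```python
import struct

def _read_opaque16(buf, off):
    """Read one TLS opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + n], off + n

def dh_prime_bits(server_dh_params):
    """Bit length of dh_p in a ServerDHParams structure (dh_p, dh_g, dh_Ys)."""
    p, off = _read_opaque16(server_dh_params, 0)
    _g, off = _read_opaque16(server_dh_params, off)
    _ys, off = _read_opaque16(server_dh_params, off)
    # Leading zero bytes do not count: the check is on the numeric size of p.
    return int.from_bytes(p, "big").bit_length()

def client_accepts(server_dh_params, min_bits):
    """Model of the client-side check: refuse primes smaller than min_bits."""
    return dh_prime_bits(server_dh_params) >= min_bits

def make_params(bits):
    """Constructed sample input: p has the right size but is NOT a real prime."""
    def vec(i):
        b = i.to_bytes((i.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(b)) + b
    p = (1 << (bits - 1)) | 1
    return vec(p) + vec(2) + vec(p - 2)

if __name__ == "__main__":
    server_1024 = make_params(1024)   # typical server-side default per the post
    for minimum in (1024, 2048):      # stock value vs. the patched-up value
        verdict = "handshake continues" if client_accepts(server_1024, minimum) else "prime rejected"
        print(f"client minimum {minimum}: {verdict}")
```
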
