On Montag, 3. November 2014, 18:19:30 Jeremy Harris wrote: > On 03/11/14 17:39, elrippo wrote: > > I treid out to set the commands > > > > tls_require_ciphers = NORMAL:!VERS-SSL3.0 > > tls_advertise_hosts = * > > hosts_require_tls = * > > > > in > > /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp_smarthost > > > > and > > /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp > > > > after running update-exim4.conf it complains [main option > > "hosts_require_tls" unknown], ["tls_advertise_hosts" option set for the > > second time] and in > > There isn't a main option "tls_advertise_hosts", like the error says. > The "tls_advertise_hosts" option is all you need there. > > > > > /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp [option > > "tls_require_ciphers" unknown] > > This should have worked. Can you locate the put-together exim config > file, and check that the relevant transport definition, with all its > options, looks correct versus the documentation for your exim version > (see http://exim.org/docs.html). > > Possibly the error message itself is wrong, and it should have been > complaining that a transport option called "tls_advertise_hosts" > does not exist. >
Hy Jeremy, this time i really found the "BUG" that causes this, i just do not know how to debug this properly, so please tell me how i can do this. I regenerated a certificate and a key by running "/usr/share/doc/exim4-base/examples/exim-gencert --force" After that everything was fine, and all connections were enctypted with TLS1.2 by using "tls_require_ciphers = SECURE128:!VERS-SSL3.0" If i use my legitimate cacert.org certificate, exim complains with [could not negotiate tls_handshake] If i use my 4096bit key which i use with the cacert.org certificate, then exim complains [(gnutls_handshake): Public key signature verification has failed.] In my opinion this is a security risk, because my apache2, XMPP and FTP server use the exact same cacert.org certificate and the 4096bit RSA key without any troubles. Kind regards, elrippo -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
