On 03/07/2016 09:50 AM, Renaud Allard wrote:
Hello,I am trying to enable ECDH (in server mode). Is there anything I forgot? I am running exim 4.86.2 under OpenBSD 5.8 with LibreSSL 2.2.2 In my config file, I have: tls_eccurve = auto (I tried with other primes too) tls_require_ciphers = !aNULL:CHACHA20:AES256:AES128:@STRENGTH openssl_options = +no_compression +cipher_server_preference +single_dh_use +single_ecdh_use +no_session_resumption_on_renegotiation I am trying to connect using: openssl s_client -connect localhost:465 -cipher 'ECDH' And that fails with 2016-03-07 09:47:32 [1347] TLS error on connection from localhost [127.0.0.1]:4283 I=[127.0.0.1]:465 (SSL_accept): error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher Thank you, Best Regards
This seems to be dependent on LibreSSL I opened a bug: https://bugs.exim.org/show_bug.cgi?id=1806
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
