On 11/19/2016 06:07 PM, Jeremy Harris wrote: > The main-config option tls_certificates specifies > "a file which contains the server’s certificates". > > Plural. > > What happens when you try it? It will be used the first cert in the new-double chain and only the ECDSA Ciphers are visible which match with the first cert.
To see the available ciphers up to openssl 1.0.2 i use: https://github.com/mozilla/cipherscan I actually used this sample-machine: cipherscan -starttls smtp torf.tributh.net:25 .... Target: torf.tributh.net:25 prio ciphersuite protocols pfs curves 1 ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits server 2 ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits server 3 ECDHE-ECDSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits server Certificate: trusted, 384 bits, sha256WithRSAEncryption signature TLS ticket lifetime hint: None NPN protocols: None OCSP stapling: supported Cipher ordering: server Curves ordering: none - fallback: no Server supports secure renegotiation Server supported compression methods: NONE TLS Tolerance: yes -- Torsten -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
