What is the preferred way to configure Exim with GnuTLS for desired ciphers and 
elliptic curves?

Should ciphers and curves be specified with a priority string in 
tls_require_ciphers and then tls_eccurve left on auto?

Or should ciphers be specified with a priority string in tls_require_ciphers 
and then another priority string used to specify curves in tls_eccurve?

For example (I know these are not equivalent configurations, but are used as 
examples of potential configurations):

tls_require_ciphers = SECURE128
tls_eccurve = auto


tls_require_ciphers = NONE:\
                      +VERS-TLS1.2:\
                      +ECDHE-RSA:\
                      +CHACHA20-POLY1305:+CAMELLIA-256-GCM:+AES-256-GCM:\
                      +AEAD:\
                      +CURVE-X25519:+CURVE-SECP521R1:+CURVE-SECP384R1:\
                      +SIGN-RSA-SHA512:+SIGN-RSA-SHA384:+SIGN-RSA-SHA256:\
                      +CTYPE-X509:\
                      +COMP-NULL
tls_eccurve = auto


tls_require_ciphers = SECURE128
tls_eccurve = NONE:+CURVE-X25519:+CURVE-SECP521R1:+CURVE-SECP384R1:+CURVE-SECP256R1




-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
