On 2017-08-01 at 19:10 +0200, Luciano Rinetti wrote:
> #exim -bV
[...]
> GnuTLS compile-time version: 2.8.6
> GnuTLS runtime version: 2.8.6

On 2017-08-05 at 11:09 +0200, Luciano Rinetti wrote:
> #exim -bV
> Exim version 4.74 #1 built 24-May-2011 20:35:05
[...]
> GnuTLS compile-time version: 2.8.6
> GnuTLS runtime version: 2.8.6

Since you've reposted the exact same information four days later, I'm
confused.  The request for information was:

} What it means ? Are GNUTLS encrypted sessions or OpenSSL encrypted
} sessions ?

I think that your reposting means that you didn't notice these lines in
the output?  So: they're GnuTLS connections.

Exim supports _either_ OpenSSL _or_ GnuTLS.  If you see one in the
version output, then that is the TLS library provider in use.

That's an old version of Exim, which pre-dates a bug-fix where for
GnuTLS support we were reporting the size in bytes, not bits.  So the
":32" at the end of "X=TLS1.0:RSA_AES_256_CBC_SHA1:32" is 32 8-bit
bytes, or ":256" if expressed in bits.

Exim's GnuTLS support was overhauled in 4.80 and has been improved
since; the code in 4.74 only supports some old ciphersuites which will
be increasingly limiting on today's Internet.  I would not recommend
those suites today.

(History: when GnuTLS support was added to Exim, GnuTLS was missing some
API features which would let it handle a lot of the feature tuning, so
the Exim glue code did a lot of low-level tinkering itself.  Over time,
GnuTLS became more full-featured and so several years back we rewrote
Exim's bindings to use the GnuTLS features.  With newer Exim, you get
TLS1.2 support and much more modern ciphers.)

Be very _very_ careful with online documentation around TLS for such an
old version of Exim.  Make sure that you're looking at the documentation
for _that_ version, not the current documentation.

With newer Exim, run >> exim -d-all+dns -bV << to see the library
versions of everything (the TLS library stuff is no longer shown by
default).

-Phil

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to