Thank'You Phil.
There is a tool, like eximstats, that can help me to get the percentage of SMTP connections that are encrypted,
between my Exim4 server and others mail servers ?


Il 06/08/2017 01:31, Phil Pennock ha scritto:
On 2017-08-01 at 19:10 +0200, Luciano Rinetti wrote:
#exim -bV
[...]
GnuTLS compile-time version: 2.8.6
GnuTLS runtime version: 2.8.6
On 2017-08-05 at 11:09 +0200, Luciano Rinetti wrote:
#exim -bV
Exim version 4.74 #1 built 24-May-2011 20:35:05
[...]
GnuTLS compile-time version: 2.8.6
GnuTLS runtime version: 2.8.6
Since you've reposted the exact same information four days later, I'm
confused.  The request for information was:

} What it means ? Are GNUTLS encrypted sessions or OpenSSL encrypted
} sessions ?

I think that your reposting means that you didn't notice these lines in
the output?  So: they're GnuTLS connections.

Exim supports _either_ OpenSSL _or_ GnuTLS.  If you see one in the
version output, then that is the TLS library provider in use.

That's an old version of Exim, which pre-dates a bug-fix where for
GnuTLS support we were reporting the size in bytes, not bits.  So the
":32" at the end of "X=TLS1.0:RSA_AES_256_CBC_SHA1:32" is 32 8-bit
bytes, or ":256" if expressed in bits.

Exim's GnuTLS support was overhauled in 4.80 and has been improved
since; the code in 4.74 only supports some old ciphersuites which will
be increasingly limiting on today's Internet.  I would not recommend
those suites today.

(History: when GnuTLS support was added to Exim, GnuTLS was missing some
API features which would let it handle a lot of the feature tuning, so
the Exim glue code did a lot of low-level tinkering itself.  Over time,
GnuTLS became more full-featured and so several years back we rewrote
Exim's bindings to use the GnuTLS features.  With newer Exim, you get
TLS1.2 support and much more modern ciphers.)

Be very _very_ careful with online documentation around TLS for such an
old version of Exim.  Make sure that you're looking at the documentation
for _that_ version, not the current documentation.

With newer Exim, run >> exim -d-all+dns -bV << to see the library
versions of everything (the TLS library stuff is no longer shown by
default).

-Phil


--
Cordiali Saluti / Best Regards

Luciano Rinetti
l.rine...@movimatica.com
Mob. 335.7878.602
Movimatica S.r.l.
www.movimatica.com - i...@movimatica.com
______________________________________________
sede Operativa:
Centro Pier della Francesca
Fabbricato 4, Scala P, 2° Piano
C.so Svizzera, 185 - 10149 Torino - Italy
Tel. +39 011 7767694 - Fax +39 011 746179
______________________________________________

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to