On 3/7/18 10:13 AM, Cyborg via Exim-users wrote:
> Hi,
> when TLS 1.3 is released, will Exim automatically be able to use it if
> openssl supports it?
> Do we have to make config changes to prefer 1.3 over 1.2 ( just in case
> ;) ) ?
> best regards,
> Marius

If you want to use OpenSSL, you just have to add some TLSv1.3 ciphers to
the tls_require_ciphers.
It must be TLS13-AES-128-GCM-SHA256 (the OpenSSL spelling of the cipher).

See the RFC details:
9.1.  Mandatory-to-Implement Cipher Suites

   In the absence of an application profile standard specifying
   otherwise, a TLS-compliant application MUST implement the
   TLS_AES_128_GCM_SHA256 [GCM] cipher suite and SHOULD implement the
   TLS_AES_256_GCM_SHA384 [GCM] and TLS_CHACHA20_POLY1305_SHA256
   [RFC7539] cipher suites.  (see Appendix B.4)

If you fail to add one of these ciphers, TLS connections with TLS1.3 will
When TLSv1.3 is available it will be automatically preferred.

Already tested and running with OpenSSL 1.1.1-pre2-dev.

