Hi, I tested under Debian Buster (actual testing version) with openssl. After the installation I lost the possibility to serve TLS to TLS1.0 and TLS1.1 Clients.
Debian buster runs with openssl 1.1.1 and a new TLS security setting. In /etc/ssl/openssl.cnf we find CipherString = DEFAULT@SECLEVEL=2 Of course there could be just a change to SECLEVEL=1 or SECLEVEL=0, but than the security for the whole system will change. With adding SSL_CTX_set_min_proto_version(sctx, 0); in tls-openssl.c exim was able to serve TLS1.0 & TLS1.1 again. I am not right sure where would be the best place to add this setting. Regards Torsten Am 14.12.18 um 08:42 schrieb Heiko Schlittermann via Exim-users: > I've built and uploaded Exim 4.92-RC1 to > > https://ftp.exim.org/pub/exim/exim4/test > > The current ChangeLog (since 4.91) and NewStuff files are attached to > this message. The tree is still open for commits. Please check if > you've any pending bugfixes or additions. > > We need you: Please download, build and check the release candidate(s). > > All files there are signed with my GPG key > 0xD0BFD6B9ECA5694A6F149DCEAF4CC676A6B6C142 > The same key I used to sign this mail. > > ** We encourage you to check the signatures of the source tarballs. > ** The signatures are in the above mentioned location AND attached to > ** this message. > > Best regards from Dresden/Germany > Viele Grüße aus Dresden > Heiko Schlittermann > -- > SCHLITTERMANN.de ---------------------------- internet & unix support - > Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - > gnupg encrypted messages are welcome --------------- key ID: F69376CE - > > -- Torsten -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
