On 19/05/2019 18:00, Cyborg via Exim-users wrote:
> Problem is, that even if tls_1.2 is out since 2008, a communication
> partner may use SSLv3 or TLS 1.0/1.1 and using just "encrypted = *",
> you will accept i
>
> It's better to check the protocol via $tls_cipher for tls 1.2 and 1.3,
> and reject anything not 1.2 or 1.3.

If you are concerned about TLS versions, the easiest configuration
is using tls_require_ciphers (for GnuTLS, where it is a GnuTLS
priority string) or openssl_options (for OpenSSL).
--
Cheers,
  Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
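
An added example, not part of the original messages or Exim's own code: before restricting protocol versions with either option, a log audit shows which peers still negotiate SSLv3 or TLS 1.0/1.1 and would be cut off. It assumes the Exim main log records the negotiated protocol in the X= field (the tls_cipher log selector); the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim main log style (not taken from the thread).
SAMPLE_LOG = """\
2019-05-19 18:00:01 1hSOaa-0001Xy-AB <= a@example.org H=mx1.example.org [192.0.2.10] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=2101
2019-05-19 18:00:07 1hSOab-0001Xz-CD <= b@example.net H=old.example.net [192.0.2.20] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 CV=no S=1804
2019-05-19 18:01:12 1hSOac-0001Y0-EF <= c@example.com H=gnu.example.com [192.0.2.30] P=esmtps X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no S=990
2019-05-19 18:02:30 1hSOad-0001Y1-GH <= d@example.net H=old.example.net [192.0.2.20] P=esmtps X=TLS1.1:DHE_RSA_AES_128_CBC_SHA1:128 CV=no S=1500
2019-05-19 18:03:44 1hSOae-0001Y2-IJ <= e@example.org H=plain.example.org [192.0.2.40] P=esmtp S=700
"""

# The protocol is the first colon-separated part of X=, e.g. TLSv1.2 or TLS1.2.
X_FIELD = re.compile(r"\sX=((?:TLS|SSL)v?\d(?:\.\d)?):")
PEER_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")
ALLOWED = {"TLS1.2", "TLS1.3"}


def normalize(proto):
    """Map both spellings (TLSv1, TLS1.0, SSLv3) onto one form like TLS1.0."""
    proto = proto.replace("v", "")
    return proto if "." in proto else proto + ".0"


def audit(log_text):
    """Count protocols on inbound (<=) lines and collect peers below TLS 1.2."""
    versions = Counter()
    legacy_peers = defaultdict(set)
    for line in log_text.splitlines():
        if " <= " not in line:
            continue  # only message arrival lines are of interest here
        m = X_FIELD.search(line)
        proto = normalize(m.group(1)) if m else "cleartext"
        versions[proto] += 1
        if proto not in ALLOWED:
            ip = PEER_IP.search(line)
            legacy_peers[ip.group(1) if ip else "unknown"].add(proto)
    return versions, dict(legacy_peers)


if __name__ == "__main__":
    versions, legacy = audit(SAMPLE_LOG)
    for proto, count in sorted(versions.items()):
        print(f"{proto:10} {count}")
    for ip, protos in sorted(legacy.items()):
        print(f"would fail a TLS 1.2+ requirement: {ip} ({', '.join(sorted(protos))})")
```
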
