Hi Jeremy, thanks for your answer.

On Fri, Jun 07, 2019 at 05:39:24PM +0100, Jeremy Harris via Exim-users wrote:
> On 07/06/2019 17:16, Marc MERLIN via Exim-users wrote:
> > Is my cipher list unsuitable? cipher: 
> > TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256
>
> That's not a cipher list, it is the cipher that you negotiated.

Oops, correct.

> With TLS1.3 certain TLS startup error types only become visible on the
> first read after the handshake call.  I think you've hit one.  The
> handling of these has been made a bit better post-4.92
> (see eg. c15523829b).  Is there any chance of you compiling a
> bleeding-edge version?

Sorry, I totally failed to give a required bit of info, which exim I have.
debian exim4 4.87-3+b1

I don't upgrade unless I have to, as a general policy :)

> Alternatively, disable TLS1.3 - the tls_require_ciphers options
> for the smtp transport is expanded, so you could make this
> google-specific.

So, I'm not much of an expert on TLS and crypto protocols in general.
I had a look at 
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html#SECTreqciphgnu
and I tried these 3 options directly pasted in 
/var/lib/exim4/config.autogenerated
tls_require_ciphers = NORMAL:%COMPAT

tls_require_ciphers = NORMAL:%LATEST_RECORD_VERSION:-VERS-SSL3.0

tls_require_ciphers = SECURE128

In all 3 cases I got the same:
10:04:33  4558 cipher: TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256
10:05:27  4916 cipher: TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256
10:05:56  4954 cipher: TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256

and the mail delivery failed all 3 times.

Any idea what I should try?

Thanks,
Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
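
The per-host TLS 1.3 opt-out suggested in the quoted reply, as an added configuration sketch that is not part of the original thread. It assumes an Exim built against GnuTLS 3.6 or later (where the `-VERS-TLS1.3` priority keyword exists), a transport named `remote_smtp`, and a `*.google.com` host pattern; all three are assumptions. The option is set on the smtp transport because that is where outbound connections are configured, while the main-section option of the same name applies to inbound connections.

```conf
# Added example: transport name and host pattern are assumptions.
begin transports

remote_smtp:
  driver = smtp
  # This option is expanded for each outbound connection, with $host
  # set to the name of the remote host being contacted.
  # For hosts matching the pattern, remove TLS 1.3 from the GnuTLS
  # priority string so the handshake tops out at TLS 1.2; every other
  # host keeps the unmodified NORMAL priority set.
  tls_require_ciphers = ${if match_domain{$host}{*.google.com}\
                          {NORMAL:-VERS-TLS1.3}\
                          {NORMAL}}
```

With this in place the `cipher:` debug line for a matching host should report a TLS1.2 suite rather than `TLS1.3:...`, which is a quick way to confirm that the transport-level setting is the one being applied.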
