On Jun 28, Antoine via Exim-users wrote > -VERS-TLS1.3 Thanks Antoine, but that doesn't seem to work:
$ gnutls-cli -l --priority SECURE256:-VERS-TLS1.3 Cipher suites for SECURE256:-VERS-TLS1.3 TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2c TLS1.2 TLS_ECDHE_ECDSA_CHACHA20_POLY1305 0xcc, 0xa9 TLS1.2 TLS_ECDHE_ECDSA_AES_256_CCM 0xc0, 0xad TLS1.2 TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2 TLS_ECDHE_RSA_CHACHA20_POLY1305 0xcc, 0xa8 TLS1.2 TLS_RSA_AES_256_GCM_SHA384 0x00, 0x9d TLS1.2 TLS_RSA_AES_256_CCM 0xc0, 0x9d TLS1.2 TLS_DHE_RSA_AES_256_GCM_SHA384 0x00, 0x9f TLS1.2 TLS_DHE_RSA_CHACHA20_POLY1305 0xcc, 0xaa TLS1.2 TLS_DHE_RSA_AES_256_CCM 0xc0, 0x9f TLS1.2 Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-DTLS1.2, VERS-DTLS1.0 So far, so good, but then Exim seems to ignore this: $ grep tls_require_ciphers /var/lib/exim4/config.autogenerated tls_require_ciphers = SECURE256:-VERS-TLS1.3 $ exim -d -M 1hg7kY-0005cN-VO | grep -A 2 -B 1 cipher: 27657 TLS certificate verified: peerdn="C=US,ST=California,L=Mountain View,O=Google LLC,CN=mx.google.com" 27657 cipher: TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 27657 Have channel bindings cached for possible auth usage. 27657 SMTP>> EHLO smtp.junix.systems Aha! Wait, adding the same stanza to the remote_smtp transport fixed the problem! Thanks all for the pointers. Is this the expected behaviour? Thanks, Richard -- junix.systems/privacy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
