On Wed, Sep 28, 2022 at 07:58:27PM -0000, Jasen Betts via Exim-users wrote:
> > You said that ECDHE ciphers are not available, but a default connection
> > with "posttls-finger" gives TLS 1.3 with an ECDHE cipher:
>
> I did say that, I was working from scraped web pages of a third-party
> analysis at the time... I've since found testssl.sh (which is easier to
> use) and by tweaking the priority string have turned on the same
> cyphers.
>
> According to testssl.sh the only feature currently missing is
> maximum_fragment_size, (and the ability to support several client platforms)
> I think I may have to run a bisection search on the source code to figure out
> where that fell off.

That particular extension is hardly likely to be particularly important.
I think you're barking up the wrong tree. Whatever the problem is, it
is likely somewhere entirely different.

You need to analyse some failed handshake full-packet captures with
"tshark", and collect detailed logs from the clients that are having
problems.

-- 
    Viktor.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/