On 26/10/2025 04:37, Viktor Dukhovni via Exim-users wrote: > If this hangs after printing "SSL_connect:SSLv3/TLS write client hello", > you likely have a problem, to confirm, you can try again with: > > $ host=your.server-fqdn.example > $ (sleep 2; printf 'QUIT\r\n') | > openssl s_client -starttls smtp -connect $host:25 \ > -groups "X25519MLKEM768:*X25519:P-256:ffdhe3072" -state -brief > > and if that succeeds promptly, it is appropriate to take action to find > out what's causing the problem, and take steps to remediate it.
Well, that's ugly in combination with DANE... eg. mailX.polisen.se needs it # openssl s_client -starttls smtp -connect mail1.polisen.se:25 -groups "X25519MLKEM768:*X25519:P-256:ffdhe3072" works, but with MLKEM it doesn't. I get the feeling that it is not safe to generally use it on an outgoing relay yet. Greetings, Wolfgang -- Wolfgang Breyha <[email protected]> | https://www.blafasel.at/ Vienna University Computer Center | Austria -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
