This is what I have now. Everything works fine with everyone.
tls_advertise_hosts = *
tls_require_ciphers = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
tls_dhparam = /etc/ssl/dhparams.pem
Mikhail Golub wrote on 2016-12-21 14:26:
Good day, everyone.
Could you advise how to set this parameter correctly?
Currently configured:
tls_certificate ...
tls_privatekey ...
tls_advertise_hosts = *
tls_dhparam ...
openssl_options = +dont_insert_empty_fragments +no_sslv2 +no_sslv3
With the setting
tls_require_ciphers = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES : !MD5 : !AES : !CAMELLIA : !PSK : !KRB5 : @STRENGTH
it passes all the tests at https://sslanalyzer.comodoca.com/
But mail from gmail.com, for example, does not get through:
2016-12-21 14:15:30 TLS error on connection from mail-io0-f179.google.com [209.85.223.179] (SSL_accept): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
FreeBSD 11.0-RELEASE-p2
OpenSSL 1.0.2j-freebsd
--
With best regards,
Max Kostikov
BBM: 24CA5DF8 | W: https://kostikov.co
_______________________________________________
Exim-users mailing list
Exim-users@mailground.net
http://mailground.net/mailman/listinfo/exim-users
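
Added example, not part of the original thread: after changing tls_require_ciphers, a scan of the Exim main log for lines like the one quoted above shows which sending hosts can no longer negotiate a cipher. The function names, the default timestamp format, the optional ":port" suffix and every sample line except the first are assumptions made for illustration.

```python
import re
from collections import Counter

# Exim main-log line for a failed inbound TLS handshake. The peer name and
# the ":port" suffix are optional (no reverse DNS, port logging not enabled).
TLS_ERROR = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"TLS error on connection from (?P<peer>[^\[]*)"
    r"\[(?P<ip>[^\]]+)\](?::\d+)? "
    r"\((?P<call>[^)]+)\): (?P<detail>.*)$"
)

def parse_tls_errors(lines):
    """Yield one dict per 'TLS error on connection from' line."""
    for line in lines:
        m = TLS_ERROR.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["peer"] = rec["peer"].strip() or None
        # OpenSSL error strings look like error:<hex>:<lib>:<func>:<reason>
        parts = rec["detail"].split(":", 4)
        if len(parts) == 5 and parts[0] == "error":
            rec["code"], rec["reason"] = parts[1], parts[4]
        else:
            rec["code"], rec["reason"] = None, rec["detail"]
        yield rec

def no_shared_cipher_peers(lines):
    """Count handshakes rejected with 'no shared cipher', per sending host."""
    hits = Counter()
    for rec in parse_tls_errors(lines):
        if rec["reason"] == "no shared cipher":
            hits[rec["peer"] or rec["ip"]] += 1
    return hits

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = [
    "2016-12-21 14:15:30 TLS error on connection from mail-io0-f179.google.com [209.85.223.179] (SSL_accept): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher",
    "2016-12-21 14:16:02 TLS error on connection from mail-io0-f179.google.com [209.85.223.179] (SSL_accept): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher",
    "2016-12-21 14:17:45 TLS error on connection from [192.0.2.10] (SSL_accept): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number",
    "2016-12-21 14:18:09 TLS error on connection from mx.example.net (mx.example.net) [198.51.100.7]:41234 (SSL_accept): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher",
    "2016-12-21 14:19:00 1cJfAb-0001Xy-9Z <= sender@example.org H=mx.example.org [203.0.113.5] P=esmtps",
]

if __name__ == "__main__":
    for host, count in no_shared_cipher_peers(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {host}")
```

A host that appears here after a cipher-list change but not before it is one whose offered suites no longer overlap with the server's list.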