On 2020-07-28 02:56, Harald Dunkel wrote:
Hi folks,

there seems to be a compatibility issue between opensmtpd on
OpenBSD 6.7 and exim4 on Debian's bugtracker, see

     https://lists.debian.org/debian-user/2020/07/msg01091.html

Most recent syspatches are applied, of course. I cannot reproduce
this problem with opensmtpd 6.7.1-p1 on Debian.

How can I tell opensmtpd on OpenBSD to ignore TLS1.3 and to use
TLS1.2 only, just for test purposes? TLS1.3 in libressl appears
to be brand new. Maybe it's buggy.


Every helpful hint is highly appreciated
Harri


Looking at smtpd.conf(5), you should be able to put `smtp ciphers control` (control being the control string of allowed ciphers). The default is "HIGH:!aNULL:!MD5". I think "HIGH:!aNULL:!MD5!TLSv1.3" should be valid in removing TLSv1.3, as far as I can tell according to SSL_CTX_set_cipher_list(3). I haven't actually tested this, however, but this might be a useful starting point.
