> On Oct 10, 2019, at 10:30 AM, jmedard--- via Exim-users
> wrote:
>
> More and more Internet security diagnostic tools (such as Immuniweb and
> Hardenize) specify that mail servers should be able to offer their preferred
> encryption algorithms. They consider it a security risk if the server
Hello,
Thank you for your answer.
Yes, I am talking about EXIM with the use of OpenSSL.
I understand that EXIM is limited to the specifications of the OpenSSL
library.
Regards
JME
-Message d'origine-
De : Exim-users De la part
de Jeremy Harris via Exim-users
Envoyé : vendredi 11 octobre
Hello,
I tested well with: "cipher preference: server" , the openssl_options:
"+cipher_server_preference" , but I hadn't done enough tests.
Indeed, they correctly describe the order of the encryption algorithms, it
works.
Thank you very much for your help.
Regards
-Message d'origine-
On Thu, Oct 10, 2019 at 04:30:29PM +0200, jmedard--- via Exim-users wrote:
> Hello,
>
>
>
> More and more Internet security diagnostic tools (such as Immuniweb and
> Hardenize) specify that mail servers should be able to offer their preferred
> encryption algorithms. They consider it a
On 10/10/2019 15:30, jmedard--- via Exim-users wrote:
> On Exim the order of the encryption string, present in "tls_require_ciphers"
> does not matter, the order is not used.
>
>
>
> I think this requires the switch to "Server preference", via the
> openssl_options:
Graeme Fowler via Exim-users (Do 10 Okt 2019 08:45:51
CEST):
> On 10 Oct 2019, at 03:40, Rob Gunther via Exim-users
> wrote:
>
> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html
>
> So it would be somehting like:
>
> ${if match{$spam_report:}{\NVIRUS[(]\N}}
Hello,
More and more Internet security diagnostic tools (such as Immuniweb and
Hardenize) specify that mail servers should be able to offer their preferred
encryption algorithms. They consider it a security risk if the server must
not be configured to select the best-available suite.
They