
Mailing List Archive: exim: dev

4.80 RC2 / GnuTLS 2.12.19: tls_require_ciphers (server side) ignored

 

 



eximusers at downhill

May 20, 2012, 4:55 AM

4.80 RC2 / GnuTLS 2.12.19: tls_require_ciphers (server side) ignored

Hello,

tls_require_ciphers seems to be ignored on the server side:

argenau:/tmp/EXIM4# exim4 -bP tls_require_ciphers
tls_require_ciphers = EXPORT:-VERS-TLS1.2

argenau:/tmp/EXIM4# exim4 -bd -d+all-memory -v
Library version: GnuTLS: Compile: 2.12.19
Runtime: 2.12.19
[...]
13:41:31 20414 Listening...
[...]


Ok, now let's connect:
ametzler [at] argena:/tmp/EXIM4$ openssl s_client -connect localhost:465
[...]
SSL-Session:
Protocol : TLSv1.2
[...]

And the debug log shows this:
13:42:57 20414 Connection request from 127.0.0.1 port 48534
13:42:57 20414 interface address=127.0.0.1 port=465
[...]
13:42:57 20416 initialising GnuTLS as a server
13:42:57 20416 GnuTLS global init required.
13:42:57 20416 initialising GnuTLS server session
13:42:57 20416 Expanding various TLS configuration options for session credentials.
13:42:57 20416 certificate file = /etc/exim4/exim.crt
13:42:57 20416 key file = /etc/exim4/exim.key
13:42:57 20416 TLS: cert/key registered
[...]
13:42:57 20416 Initialising GnuTLS server params.
13:42:57 20416 GnuTLS tells us that for D-H PK, NORMAL is 2432 bits.
13:42:57 20416 read D-H parameters from file "/var/spool/exim4/gnutls-params-2432"
13:42:57 20416 initialized server D-H parameters
13:42:57 20416 GnuTLS using default session cipher/priority "NORMAL"

cu andreas

--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##


pdp at exim

May 20, 2012, 4:14 PM

Re: 4.80 RC2 / GnuTLS 2.12.19: tls_require_ciphers (server side) ignored

On 2012-05-20 at 13:55 +0200, Andreas Metzler wrote:
> tls_require_ciphers seems to be ignored on the server side:

Yup, detected myself while debugging something for GnuTLS stuff and
discovered a missing assign.

> 13:42:57 20416 GnuTLS using default session cipher/priority "NORMAL"

On the bright side, I shoved in so much debug logging that the problem
was fairly easy to track down. Fixed in git.

-Phil

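A check for the symptom reported in this thread, added here as an example and not part of the original posts or of Exim's code: it compares the `exim -bP tls_require_ciphers` output with the debug-log line and the `openssl s_client` protocol line quoted in the first post. The function names and the version-name mapping are assumptions of this example.

```python
import re

# Debug-log line shape seen in the post: "HH:MM:SS PID message".
LOG_LINE = re.compile(r'^(\d\d:\d\d:\d\d)\s+(\d+)\s+(.*)$')
DEFAULT_PRIO = re.compile(r'GnuTLS using default session cipher/priority "([^"]*)"')
# GnuTLS priority version tokens -> protocol names printed by openssl s_client.
VERSION_NAMES = {"TLS1.2": "TLSv1.2", "TLS1.1": "TLSv1.1",
                 "TLS1.0": "TLSv1", "SSL3.0": "SSLv3"}

def configured_priority(bp_output):
    """Value from `exim -bP tls_require_ciphers` output, or None if unset."""
    m = re.search(r'^tls_require_ciphers[ \t]*=[ \t]*(.*)$', bp_output, re.M)
    return (m.group(1).strip() or None) if m else None

def sessions_on_default(bp_output, debug_log):
    """(time, pid, priority) for sessions that fell back to the default
    priority string although tls_require_ciphers is set."""
    wanted = configured_priority(bp_output)
    hits = []
    for raw in debug_log.splitlines():
        line = LOG_LINE.match(raw.strip())
        used = DEFAULT_PRIO.search(line.group(3)) if line else None
        if wanted and used and used.group(1) != wanted:
            hits.append((line.group(1), line.group(2), used.group(1)))
    return hits

def excluded_version_negotiated(bp_output, s_client_output):
    """Protocol name if the handshake used a version that the priority
    string removes with -VERS-..., else None."""
    wanted = configured_priority(bp_output) or ""
    banned = {VERSION_NAMES.get(v) for v in re.findall(r'-VERS-([A-Z0-9.]+)', wanted)}
    m = re.search(r'^\s*Protocol\s*:\s*(\S+)', s_client_output, re.M)
    return m.group(1) if m and m.group(1) in banned else None

# Sample input: lines excerpted from the first post in this thread.
BP = "tls_require_ciphers = EXPORT:-VERS-TLS1.2\n"
LOG = '''13:42:57 20416 initialising GnuTLS server session
13:42:57 20416 initialized server D-H parameters
13:42:57 20416 GnuTLS using default session cipher/priority "NORMAL"
'''
S_CLIENT = "SSL-Session:\nProtocol : TLSv1.2\n"

if __name__ == "__main__":
    print(sessions_on_default(BP, LOG))
    print(excluded_version_negotiated(BP, S_CLIENT))
```

Either finding alone shows the configured priority string did not reach the session; the second check only recognises explicit `-VERS-` removals.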
