Hello, tls_require_ciphers seems to be ignored on the server side:
argenau:/tmp/EXIM4# exim4 -bP tls_require_ciphers tls_require_ciphers = EXPORT:-VERS-TLS1.2 argenau:/tmp/EXIM4# exim4 -bd -d+all-memory -v Library version: GnuTLS: Compile: 2.12.19 Runtime: 2.12.19 [...] 13:41:31 20414 Listening... [...] Ok, now let's connect: ametzler@argenau:/tmp/EXIM4$ openssl s_client -connect localhost:465 [...] SSL-Session: Protocol : TLSv1.2 [...] And the debug log shows this: 13:42:57 20414 Connection request from 127.0.0.1 port 48534 13:42:57 20414 interface address=127.0.0.1 port=465 [...] 13:42:57 20416 initialising GnuTLS as a server 13:42:57 20416 GnuTLS global init required. 13:42:57 20416 initialising GnuTLS server session 13:42:57 20416 Expanding various TLS configuration options for session credentials. 13:42:57 20416 certificate file = /etc/exim4/exim.crt 13:42:57 20416 key file = /etc/exim4/exim.key 13:42:57 20416 TLS: cert/key registered [...] 13:42:57 20416 Initialising GnuTLS server params. 13:42:57 20416 GnuTLS tells us that for D-H PK, NORMAL is 2432 bits. 13:42:57 20416 read D-H parameters from file "/var/spool/exim4/gnutls-params-2432" 13:42:57 20416 initialized server D-H parameters 13:42:57 20416 GnuTLS using default session cipher/priority "NORMAL" cu andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##