On 30/09/2022 18:34, Viktor Dukhovni via Exim-users wrote:
Do you also have a TLS version floor? "protocol version" sure sounds like it.
Not as far as I know, and openssl_options = -no_sslv3 -no_tlsv1_1 -no_tlsv1 doesn't change the result. There is indeed a "protocol version" fatal alert sent according to wireshark.
Anyway, this is perhaps a distraction from the GnuTLS issue, which you've identifies IIRC (SSL 3.0-compatible handshake with no TLS extensions fails against Exim + GnuTLS as reported).
While it's true the Exim bug with GnuTLS is now fixed, having the regression test passing for both the TLS libraries we claim to support would be good. $subject changed to reflect that. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/