https://bugs.exim.org/show_bug.cgi?id=2822
--- Comment #2 from Andreas Metzler ---
Hello,
I can reproduce this with exim 4.95, and gnutls 3.7.2. Minimal testcase is
running "sslscan --tls12" against
a) exim without custom gnutls priority string
and
b) ex-serv-x509.c from the gnutls distribution
https://bugs.exim.org/show_bug.cgi?id=2822
--- Comment #5 from Ferry ---
Hi,
I myself unfortunately don't have any other exim systems readily available. The
bug report I linked concerned debian, presume they know how to link.
Would it be possible for you to run sslscan against some running inst
https://bugs.exim.org/show_bug.cgi?id=2822
--- Comment #4 from Jeremy Harris ---
Exim feeds the string from the tls_require_ciphers option pretty much direct
into the library gnutls_priority_init() function. You might get a more
informed response from the gnutls mailinglist.
Is it possible that
On Wed, Oct 20, 2021 at 12:00:17AM +, admin--- via Exim-dev wrote:
> The 4th shows that on 2000+ connections in the logs nothing is actually using
> a
> DHE cipher suite either. Which makes a bug on the sslscan unlikely - esp.
> since
> it works as expected against gnutls-serv with the same
https://bugs.exim.org/show_bug.cgi?id=2822
--- Comment #3 from Ferry ---
a) GnuTLS 3.6.16 & Exim 4.92.2 in our case - but the link to the bug filed at
sslscan by someone else indicates issues with exim in debian (he filed here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968145 - no respons
On 19/10/2021 20:40, Viktor Dukhovni via Exim-dev wrote:
Though my comment likely won't make it into the ticket log
You could always comment on the bug, using the bugzilla web interface.
The link was in the mail you replied to.
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/m
On Tue, Oct 19, 2021 at 09:21:24PM +, admin--- via Exim-dev wrote:
> https://bugs.exim.org/show_bug.cgi?id=2822
>
> --- Comment #2 from Jeremy Harris ---
> a) you didn't say what version of GnuTLS, nor distribution of Exim
> b) working out what you are trying to say in that wall of text is ti
https://bugs.exim.org/show_bug.cgi?id=2822
--- Comment #2 from Jeremy Harris ---
a) you didn't say what version of GnuTLS, nor distribution of Exim
b) working out what you are trying to say in that wall of text is tiring
--
You are receiving this mail because:
You are on the CC list for the bug
https://bugs.exim.org/show_bug.cgi?id=2822
--- Comment #1 from Ferry ---
Guidelines here btw:
https://english.ncsc.nl/publications/publications/2021/january/19/it-security-guidelines-for-transport-layer-security-2.1
For just ciphersuites jumping to Appendix C is the quick win :).
--
You are re
