[Bug 2872] New: Unable to select ONLY TLSv1.3 CHACHA20-POLY1305 cipher
https://bugs.exim.org/show_bug.cgi?id=2872

Bug ID: 2872
Summary: Unable to select ONLY TLSv1.3 CHACHA20-POLY1305 cipher
Product: Exim
Version: 4.96
Hardware: x86
OS: Linux
Status: NEW
Severity: bug
Priority: medium
Component: TLS
Assignee: jgh146exb@wizmail.org
Reporter: s.egbert@sbcglobal.net
CC: exim-dev@exim.org

Unable to choose only CHACHA20-POLY1305 cipher using this exim4.conf setting:

tls_require_ciphers = CHACHA20-POLY1305


This documentation (in
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-encrypted_smtp_connections_using_tlsssl.html#SECTreqciphgnu)
states:

For TLS version 1.3 the control available is less fine-grained and Exim does
not provide access to it at present. The value of the tls_require_ciphers
option is ignored when TLS version 1.3 is negotiated.

As of writing the library default cipher suite list for TLSv1.3 is

TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256



I searched for all TLS-related bugs and none describes this one.

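Added example (not part of the original bug report, and not Exim code): the documentation quoted above follows from OpenSSL keeping the TLSv1.3 ciphersuites in a list separate from the older cipher string. The sketch below shows this through Python's ssl module, assuming it is linked against OpenSSL 1.1.1 or later; the function names and the cipher string are illustrative.

```python
import ssl

# Assumption: a TLS 1.2-style cipher string of the kind an MTA passes to
# OpenSSL's cipher-list API (explicit names, constructed for this example).
TLS12_CHACHA_ONLY = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"


def enabled_suites(ctx):
    """Return (tls13_names, older_names) currently enabled on an SSLContext."""
    tls13, older = [], []
    for cipher in ctx.get_ciphers():
        bucket = tls13 if cipher["protocol"] == "TLSv1.3" else older
        bucket.append(cipher["name"])
    return tls13, older


def non_chacha(names):
    """Suites in `names` that are not ChaCha20-Poly1305."""
    return [n for n in names if "CHACHA20" not in n]


def restrict_with_cipher_string(cipher_string=TLS12_CHACHA_ONLY):
    """Apply a cipher string and report what each protocol family still offers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    tls13_before, _ = enabled_suites(ctx)
    # set_ciphers() wraps SSL_CTX_set_cipher_list(), which only governs
    # TLS 1.2 and earlier; the TLS 1.3 list is left at the library default.
    ctx.set_ciphers(cipher_string)
    tls13_after, older_after = enabled_suites(ctx)
    return {
        "tls13_before": tls13_before,
        "tls13_after": tls13_after,
        "tls12_after": older_after,
    }


if __name__ == "__main__":
    result = restrict_with_cipher_string()
    print("TLS <= 1.2 suites after restriction:", result["tls12_after"])
    print("TLS 1.3 suites after restriction:   ", result["tls13_after"])
    print("TLS 1.3 suites that are not ChaCha20:",
          non_chacha(result["tls13_after"]))
```

When checking a server's configuration, inspect the negotiated suite separately for TLSv1.3 and TLSv1.2 connections, since a restriction that holds for one does not imply it holds for the other.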