Score:0

How do I disable TLS v1.0 and v1.1 on Exim?

cn flag

When I ran this command in my terminal:

openssl s_client -connect www.domain.com:465 -tls1

and it displayed this output:

SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: B4C5934D812CAE5460DF87317C1AD76EF0998DD7B228EB631477DCB831B8
Session-ID-ctx:
Master-Key: F7D4F5FF850193E9C746AF3B59AE5B06892805AFC6528F82389684989441156D011FFB79D2D6E653C2ED4E568961
Start Time: 1654225000
Timeout : 7200 (sec)
Verify return code: 0 (ok)

Which I believe TLSv1.0 is enabled.

Currently the SSL protocols used by Exim are these:

+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1

Should I change it to:

+no_sslv2 +no_sslv3 +no_tlsv1_2 +no_tlsv1_3

Or to:

+no_sslv2 +no_sslv3

How do I know the possible values for these protocols on Exim? And is it safe to completely remove the TLS v1.0 and TLS v1.1?

Note that, I'm using WHM version 102.0.18.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.