Bug 1417430

Summary: Exim version 4.72
Product: [Fedora] Fedora EPEL
Component: exim
Version: el6
Status: CLOSED NOTABUG
Severity: unspecified
Priority: unspecified
Reporter: Persona non grata <nobody+392447>
Assignee: Jaroslav Škarvada <jskarvad>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dwmw2, jskarvad, tremble
Last Closed: 2017-01-30 11:07:35 UTC
Type: Bug

Description Persona non grata 2017-01-29 09:29:07 UTC
Description of problem:

Webuzo CentOS panel is giving Exim version 4.72 as the last version available for CentOS. They are unable to release the last version because it has a Perl dependency.

My VPS is CentOS 6.X and I cannot actually update to 7.0 because of a provider compatibility issue.

In Exim.conf I have:
openssl_options = +no_sslv2 +no_sslv3

but if I test my mail, it seems an insecure cipher suite is used.
Is there a way to tell Exim to use a strong cipher suite?
I tried to add
tls_require_ciphers = AES128+EECDH:AES128+EDH

but as soon as I do this, emails stop working.
If I cannot use tls_require_ciphers, is there a way to make the connection secure? Can you release a patch in version 4.72 if I cannot secure 4.72?

I cannot upgrade Exim actually.

Version-Release number of selected component (if applicable):

4.72

How reproducible:

When I add in exim.conf 
tls_require_ciphers = AES128+EECDH:AES128+EDH
I am unable to send email.

When I test my email connection security, e.g. mail.mydomain.com:993, my security score is bad.


Actual results:
It seems I am unable to use tls_require_ciphers = AES128+EECDH:AES128+EDH to make the connection secure.

Expected results:

A solution for using only secure cipher suites

Additional info:

Comment 1 Jaroslav Škarvada 2017-01-30 11:07:35 UTC
We finally rebased to exim-4.88, because upstream dropped support for 4.72 and it became more and more time demanding for us to maintain it.

I cannot see any Perl problem regarding RHEL-6. As CentOS is built from RHEL sources, there shouldn't be any problem regarding version mismatch. Is your system fully updated, i.e. RHEL 6.8 code base or newer?

If you cannot update, you have to rebuild exim from sources yourself - this should resolve any version mismatch you could have on a system which is not fully updated - or persuade your support group to do it for you. We do not provide support for CentOS, nor for unsupported SW versions.