cannot allow TLS1.0, TLS1.1 in exim

[Hetzner DirectAdmin]

Where? As far as I know only TLS 1.0 and 1.1 was deprecated, TLS 1.2 is used all over still.

Ok, I think I got confused that might have been 1.1 I was referring to.

If I may ask a quick question.

Referring to the DKIM Selector modification, to make a very minor change to /etc/exim.variables.conf.default
will the change be overwritten?

or do I have to do the change in /etc/exim.variables.conf.custom ?

This is one my last hurdle in the DA setup, but it is for personal reasons.

I tried:

nano /usr/local/directadmin/conf/directadmin.conf
then add
minimumtls=v1_1

Then i tried to edit the /etc/exim.variables.conf.default

openssl_options = removing +no_tlsv1_1

Then rebuild but it overwrote my config

So I guess I have to do the custom build thingy?

 

[Hetzner DirectAdmin]

cp /etc/exim.variables.conf /etc/exim.variables.conf.custom
(make your changes)
da build exim
da build exim_conf


That seems to have done it... for now

 

[Richard G]

You're on the right track, but as for the exim.variables.conf.custom file, you only need to add what you want to change compared to the default.
Otherwise you might miss important updates of the other things.

So in the /etc/exim.variables.conf.custom juist copy the line you want to change, make the change, save and then build exim and exim.conf as you did.

nano /usr/local/directadmin/conf/directadmin.conf
then add
minimumtls=v1_1

There is no such setting for directadmin as far as I'm aware. There is a tls_min_version setting but that is only valid for tls 12 and 13.

That seems to have done it... for now

That's good news for you although every client I know understands TLS 1.2 so no need to go down to 1.1.
But still I would advise to use only the applicable line in the custom file.