RE: [Exim] ciphers for SMTP over TLS in exim?

Author: Karl Schmidt
Date:
To: 'Philip Hazel', Exim (E-mail)
Subject: RE: [Exim] ciphers for SMTP over TLS in exim?
On Fri, 5 Oct 2001, Richard Welty wrote:

> how does exim handle negotiation of a cipher for smtp over tls?


It doesn't. It lets the OpenSSL library handle that. There is a call it
can use that tells OpenSSL a list of permitted ciphers. Exim 3 uses this
if you set the "verify_ciphers" option; the TLS setup fails if an
acceptable cipher can't be found. Exim 4 does not use this option; it
allows you to test the cipher later (gives more flexibility).

> i'm seeing that two exim boxes, both mine, both with
> tls_verify_ciphers defaulting to unset, are negotiating DES/SHA1 as
> the cipher suite. is there a reason why they're not going to 3DES?


If tls_verify_ciphers is unset, it's all up to the OpenSSL library.
I'm afraid I don't understand the internals.

Anyone know which cipher would perform the best for a mail application?

The openssl-0.9.6-9 supports the following ciphers.

EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
DES-CBC3-SHA
DES-CBC3-MD5
DHE-DSS-RC4-SHA
RC4-SHA
RC4-MD5
RC2-CBC-MD5
RC4-MD5
RC4-64-MD5
EXP1024-DHE-DSS-RC4-SHA
EXP1024-RC4-SHA
EXP1024-DHE-DSS-DES-CBC-SHA
EXP1024-DES-CBC-SHA
EXP1024-RC2-CBC-MD5
EXP1024-RC4-MD5
EDH-RSA-DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
DES-CBC-SHA
DES-CBC-MD5
EXP-EDH-RSA-DES-CBC-SHA
EXP-EDH-DSS-DES-CBC-SHA
EXP-DES-CBC-SHA
EXP-RC2-CBC-MD5
EXP-RC4-MD5
EXP-RC2-CBC-MD5
EXP-RC4-MD5
------------------------------------------------
Karl Schmidt (ks150)     EMail Karl@???
Transtronics, Inc.       WEB http://xtronics.com
3209 West 9th Street     Ph(785) 841-3089
Lawrence, KS 66049       FAX(785) 841-0434




--
## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##
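
Added example, not part of the original message and not Exim or OpenSSL code: it reads the effective key size out of the cipher names posted above, builds a colon-separated permitted list of the kind handed to OpenSSL, and models a TLS setup that fails when no offered cipher is permitted. The function names are hypothetical, the key sizes follow the OpenSSL naming convention (EXP- is 40-bit export, EXP1024- is 56-bit export, DES-CBC3 is triple DES), and the selection rule in negotiate() is a simplifying assumption.

```python
# Added example: classify OpenSSL 0.9.6-era cipher names by effective key size.
import re

# Cipher names copied from the list in the post (duplicates dropped).
POSTED = """EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA DES-CBC3-MD5
DHE-DSS-RC4-SHA RC4-SHA RC4-MD5 RC2-CBC-MD5 RC4-64-MD5
EXP1024-DHE-DSS-RC4-SHA EXP1024-RC4-SHA EXP1024-DHE-DSS-DES-CBC-SHA
EXP1024-DES-CBC-SHA EXP1024-RC2-CBC-MD5 EXP1024-RC4-MD5
EDH-RSA-DES-CBC-SHA EDH-DSS-DES-CBC-SHA DES-CBC-SHA DES-CBC-MD5
EXP-EDH-RSA-DES-CBC-SHA EXP-EDH-DSS-DES-CBC-SHA EXP-DES-CBC-SHA
EXP-RC2-CBC-MD5 EXP-RC4-MD5""".split()

def key_bits(name):
    """Effective symmetric key size implied by an OpenSSL cipher name."""
    if name.startswith("EXP1024-"):
        return 56                      # "export 1024" suites: 56-bit keys
    if name.startswith("EXP-"):
        return 40                      # classic export suites: 40-bit keys
    if "DES-CBC3" in name:
        return 168                     # triple DES
    if "DES-CBC" in name:
        return 56                      # single DES
    if "RC4-64" in name:
        return 64
    if re.search(r"RC4|RC2-CBC", name):
        return 128
    raise ValueError("unrecognised cipher name: " + name)

def permitted_list(names, min_bits):
    """Colon-separated cipher list keeping only names with >= min_bits."""
    return ":".join(n for n in names if key_bits(n) >= min_bits)

def negotiate(client_offer, permitted):
    """First offered cipher that is permitted; None models a failed TLS setup.
    Assumption: the client's preference order decides among permitted ciphers."""
    allowed = set(permitted.split(":")) if permitted else set()
    return next((c for c in client_offer if c in allowed), None)

if __name__ == "__main__":
    for n in POSTED:
        print(f"{key_bits(n):>4}  {n}")
    print(permitted_list(POSTED, 128))
```

The min_bits threshold is a parameter; 128 here only separates the export and single-DES suites from the rest of the posted list.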