Re: [Exim] OT: TLS encryption strength

Author: Richard Welty
Date:  
To: exim-users
Subject: Re: [Exim] OT: TLS encryption strength
On Sun, 9 Mar 2003 16:06:43 +0000 Giuliano Gavazzi <eximlists@???> wrote:

> Sorry for the OT, but I have just noticed that the latest Eudora is
> negotiating a different encryption with my server, this is documented
> in the release notes for that version (the MacOSX 5.2.1b5 version).
>
> Previously it would get a TLSv1:DES-CBC3-SHA:168, now (5.2.1b5) it
> gets a TLSv1:RC4-SHA:128. Is this much weaker (I am not really that
> concerned..)?


RC4 is indeed weaker than 3DES (DES-CBC3 is OpenSSL speak for 3DES
in Cipher Block Chaining mode.)

for SMTP over TLS, for garden variety personal email, it's hardly a crisis.
if you seriously need encrypted email, you should go with a PGP/GPG
solution rather than depending on the distinctly weaker SMTP over TLS
approach anyway. SMTP over TLS is fine as far as it goes, but it's not an
end-to-end solution and authentication is limited to server and client
authentication (where it is done at all), rather than personal
authentication (which PGP/GPG can provide.)

richard
--
Richard Welty                                         rwelty@???
Averill Park Networking                                         518-573-7592
              Unix, Linux, IP Network Engineering, Security
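
Added example, not part of the original message and not Exim's own code: a Python script that pulls the `protocol:cipher:bits` strings quoted in the thread out of mail log lines and reports when a client's negotiated suite changes, as happened after the Eudora upgrade described above. The log lines, addresses and function names are constructed for illustration and assume an Exim-style main log whose arrival lines carry an `X=` field.

```python
import re

# Constructed sample lines in the style of an Exim main log; IDs, hosts and
# addresses are made up. The X= field carries protocol:cipher:bits.
SAMPLE_LOG = """\
2003-03-01 09:12:01 18p0aA-0000aa-00 <= a@example.org H=(mac) [192.0.2.10] X=TLSv1:DES-CBC3-SHA:168 P=asmtp S=1204
2003-03-02 10:30:44 18p1bB-0000bb-00 <= b@example.org H=(pc) [192.0.2.20] X=TLSv1:DES-CBC3-SHA:168 P=asmtp S=899
2003-03-05 08:00:13 18p2cC-0000cc-00 <= c@example.org H=(old) [192.0.2.30] P=esmtp S=512
2003-03-09 15:58:20 18p3dD-0000dd-00 <= a@example.org H=(mac) [192.0.2.10] X=TLSv1:RC4-SHA:128 P=asmtp S=2210
2003-03-09 16:01:02 18p4eE-0000ee-00 <= b@example.org H=(pc) [192.0.2.20] X=TLSv1:DES-CBC3-SHA:168 P=asmtp S=730
"""

# Arrival line: timestamp, message id, "<=", then the peer address in brackets.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= .*?"
    r"\[(?P<ip>[^\]]+)\](?P<rest>.*)$"
)
X_RE = re.compile(r"\sX=(?P<proto>[^:\s]+):(?P<cipher>[^:\s]+):(?P<bits>\d+)")


def parse_line(line):
    """Return (timestamp, ip, suite); suite is None when no TLS was negotiated."""
    m = LINE_RE.match(line)
    if not m:
        return None
    x = X_RE.search(m.group("rest"))
    suite = (x.group("proto"), x.group("cipher"), int(x.group("bits"))) if x else None
    return m.group("ts"), m.group("ip"), suite


def cipher_changes(log_text):
    """List (ip, timestamp, old_suite, new_suite) each time a client's suite changes."""
    last, changes = {}, []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, suite = parsed
        if ip in last and last[ip] != suite:
            changes.append((ip, ts, last[ip], suite))
        last[ip] = suite
    return changes


if __name__ == "__main__":
    for ip, ts, old, new in cipher_changes(SAMPLE_LOG):
        print(f"{ts} {ip}: {old} -> {new}")
```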