On Sun, 28 Nov 2004, Marc Haber wrote:
> Is it a known GnuTLS quirk that ARCFOUR ranks quite high in the
> selection scale?
I have a dim recollection that there is some way of setting the
priorities... ah yes! It's right there in the Exim code (the tls-gnu.c
module):
static int default_cipher_priority[16] = {
GNUTLS_CIPHER_ARCFOUR_128,
GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_3DES_CBC,
GNUTLS_CIPHER_ARCFOUR_40,
0 };
I have no idea why the person who submitted the GnuTLS code chose that
particular set of ciphers and that particular order. However, the
tls_require_ciphers option allows you to modify or replace this list.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
