Re: [exim] exim 4.43 and GnuTLS: How to control cipher negot…

Author: Philip Hazel
Date:  
To: Marc Haber
CC: exim-users
Subject: Re: [exim] exim 4.43 and GnuTLS: How to control cipher negotiation?
On Sun, 28 Nov 2004, Marc Haber wrote:

> Is it a known GnuTLS quirk that ARCFOUR ranks quite high in the
> selection scale?


I have a dim recollection that there is some way of setting the
priorities... ah yes! It's right there in the Exim code (the tls-gnu.c
module):

  static int default_cipher_priority[16] = {
    GNUTLS_CIPHER_ARCFOUR_128,
    GNUTLS_CIPHER_AES_128_CBC,
    GNUTLS_CIPHER_3DES_CBC,
    GNUTLS_CIPHER_ARCFOUR_40,
    0 };

I have no idea why the person who submitted the GnuTLS code chose that
particular set of ciphers and that particular order. However, the
tls_require_ciphers option allows you to modify or replace this list.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book