On Tue, 30 Nov 2004, Marc Haber wrote:
> When using gnutls-cli, a better cipher is negotiated. Who contributed
> the GnuTLS Interface?
Nikos Mavroyanopoulos provided GnuTLS proof of concept code; I had to
tidy it up a bit to fit it more into the Exim "culture". I think I also
had to make some changes when GnuTLS reached release 1. But I always
feel I am flying blind when working on it.
> >tls_require_ciphers = AES : 3DES
> >
> >? That is, tried preventing it from using ARCFOUR at all?
>
> Not yet. That configuration option would disable encryption completely
> with a communications partner that is only capable of doing ARCFOUR,
> which is a bad thing.
Yes, I realize that; I didn't mean you to use that for real, but just to
test whether tls_require_ciphers was working at all.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
