Re: [exim] exim 4.43 and GnuTLS: How to control cipher negot…

Pàgina inicial
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
A: Marc Haber
CC: exim-users
Assumpte: Re: [exim] exim 4.43 and GnuTLS: How to control cipher negotiation?
On Thu, 2 Dec 2004, Marc Haber wrote:

> Result: The cipher being actually used is determined by the sending
> side by choosing the first cipher listed in the transport that is
> actually supported by the server.


I will elaborate on this in the manual. At present it hints at it with
just a single sentence: "In a client, the order of the list specifies a
preference order for the algorithms."

> There is no problem with the Exim code besides the somewhat suboptimal
> default.


Does it make sense to change the default order? What would you suggest?
The relevant code shows the current order:

static int default_cipher_priority[16] = {
  GNUTLS_CIPHER_ARCFOUR_128,
  GNUTLS_CIPHER_AES_128_CBC,  
  GNUTLS_CIPHER_3DES_CBC,
  GNUTLS_CIPHER_ARCFOUR_40,
  0 };                  


-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book