Re: [exim] exim 4.43 and GnuTLS: How to control cipher negot…

Author: Marc Haber
Date:  
To: exim-users
Subject: Re: [exim] exim 4.43 and GnuTLS: How to control cipher negotiation?
On Fri, 3 Dec 2004 09:31:32 +0000 (GMT), Philip Hazel
<ph10@???> wrote:
>On Thu, 2 Dec 2004, Marc Haber wrote:
>> Result: The cipher being actually used is determined by the sending
>> side by choosing the first cipher listed in the transport that is
>> actually supported by the server.
>
>I will elaborate on this in the manual. At present it hints at it with
>just a single sentence: "In a client, the order of the list specifies a
>preference order for the algorithms."


Actually, I needed your book to actually understand TLS configuration.
The specification is more a reference, and I didn't manage to learn
from there.

>> There is no problem with the Exim code besides the somewhat suboptimal
>> default.
>
>Does it make sense to change the default order? What would you suggest?


I am no expert on cryptography, but RC4 does generally not have a very
good reputation, so I'd choose AES128, 3DES, ARCFOUR128 and ARCFOUR40,
in this order.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mail address in header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834