On Fri, 3 Dec 2004 09:31:32 +0000 (GMT), Philip Hazel
<ph10@???> wrote:
>On Thu, 2 Dec 2004, Marc Haber wrote:
>> Result: The cipher being actually used is determined by the sending
>> side by choosing the first cipher listed in the transport that is
>> actually supported by the server.
>
>I will elaborate on this in the manual. At present it hints at it with
>just a single sentence: "In a client, the order of the list specifies a
>preference order for the algorithms."

Actually, I needed your book to actually understand TLS configuration.
The specification is more a reference, and I didn't manage to learn
from there.

>> There is no problem with the Exim code besides the somewhat suboptimal
>> default.
>
>Does it make sense to change the default order? What would you suggest?

I am no expert on cryptography, but RC4 does generally not have a very
good reputation, so I'd choose AES128, 3DES, ARCFOUR128 and ARCFOUR40,
in this order.

Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Phone: *49 621 72739834