Auteur: Jan-Peter Koopmann Date: À: Richard Welty, exim-users CC: Sujet: RE: [exim] exim 4.43 and GnuTLS: How to control cipher negotiation?
>>> very good reputation, so I'd choose AES128, 3DES, >>> ARCFOUR128 and ARCFOUR40, in this order.
>
>> I second this!
>
> i won't second it because it's not strong enough.
>
> RC4 is not even obsolescent, it's obsolete. the barn door has
> been open on that one for a long long time.
Agreed. So if the two clients cannot negotiate on AES128 or 3DES you would rather have them communicate without any encryption just because RC4 has been cracked? If you choose to allow AES128/3DES only that is your decision to make. We are talking about the default ciphers here and to teach the components to favour AES128/3DES over ARCFOUR. I see no harm in that.