RE: [exim] exim 4.43 and GnuTLS: How to control cipher negot…

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Jan-Peter Koopmann
CC: exim-users, Richard Welty
Subject: RE: [exim] exim 4.43 and GnuTLS: How to control cipher negotiation?
On Tue, 7 Dec 2004, Jan-Peter Koopmann wrote:

> > RC4 is not even obsolescent, it's obsolete. the barn door has
> > been open on that one for a long long time.
>
> Agreed. So if the two clients cannot negotiate on AES128 or 3DES you
> would rather have them communicate without any encryption just because
> RC4 has been cracked? If you choose to allow AES128/3DES only that is
> your decision to make.


Not quite. You can configure Exim to insist on encryption. In that case,
if it couldn't negotiate AES128 or 3DES, it would not send the message
at all.

> We are talking about the default ciphers here and to teach the
> components to favour AES128/3DES over ARCFOUR. I see no harm in that.


I think there is some harm. But there is harm both ways. Hmm.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book