Re: [exim] PFS encryption

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Cyborg
Ημερομηνία:  
Προς: Exim-users
Αντικείμενο: Re: [exim] PFS encryption
Am 30.07.2013 11:19, schrieb Graeme Fowler:
> On 30 Jul 2013, at 08:56, Cyborg <cyborg2@???> wrote:
>> as i just read about PFS, i was wondering how exim is handling the key exchange.
>>
>> the article suggested to use these ciphers in this order:
>>
>> TLS_ECDHE_RSA_WITH_RC4_128_SHA
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
> Look for tls_require_ciphers in the docs.
>


But was is the DEFAULT ?

Is it the output of "openssl ciphers" ?

if so, i don't see any ellipticbased ciphers there, but at least they
use DHE, which indicates PFS is used, which is good.

Next question, out of curiosity :

are there any statistics about the usage of ciphers in exim mailservers ?

( google returns only the exim specs as result for "statistics about
exim cipher usage" )



Marius