著者: Cyborg 日付: To: Exim-users 題目: Re: [exim] PFS encryption
Am 30.07.2013 11:19, schrieb Graeme Fowler: > On 30 Jul 2013, at 08:56, Cyborg <cyborg2@???> wrote:
>> as i just read about PFS, i was wondering how exim is handling the key exchange.
>>
>> the article suggested to use these ciphers in this order:
>>
>> TLS_ECDHE_RSA_WITH_RC4_128_SHA
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
> Look for tls_require_ciphers in the docs.
>
But was is the DEFAULT ?
Is it the output of "openssl ciphers" ?
if so, i don't see any ellipticbased ciphers there, but at least they
use DHE, which indicates PFS is used, which is good.
Next question, out of curiosity :
are there any statistics about the usage of ciphers in exim mailservers ?
( google returns only the exim specs as result for "statistics about
exim cipher usage" )