Re: [exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher lis…

Página Inicial
Delete this message
Reply to this message
Autor: Jeremy Harris
Data:  
Para: exim-users
Assunto: Re: [exim] Exclude TLS_RSA_WITH_SEED_CBC_SHA from cipher list
On 28/03/18 10:21, Mike Brudenell via Exim-users wrote:> But given that
most MTA to MTA traffic uses *opportunistic* encryption,> falling back
to cleartext transfers if no encryption can be agreed between> the
servers, isn't it better to continue to offer and use in such>
situations a weak cipher than none at all? That is, weak encryption of
a> message is better than none at all?

Short-term yes. Long-term, no: people are supposed (hah!) to notice
that they are not getting TLS and fix the problem. We want the weak
(== too close to cleartext) methods to fall out of use.

There's a tension between the two answers; neither is perfect.
--
Cheers,
Jeremy