> On Apr 20, 2018, at 8:17 PM, Phil Pennock via Exim-users <exim-users@???> wrote:
>
> .ifdef _HAVE_OPENSSL
> tls_require_ciphers = HIGH:@STRENGTH
> .endif
I'd make that:
HIGH:!aNULL:!aDSS:!kECDHr:!kECDHe:!kDHr:!kDHd
Because the ciphers are already sensibly ordered as of OpenSSL 1.0.0.
The HIGH ciphers are only HIGH by virtue of symmetric cipher strength,
but in fact include anon-DH ciphers with strong bulk crypto, which, given
the desire to authenticate the peer, should not be included.
This also disables DSA which nobody uses and fixed DH/ECDH ciphers which
are not and should not be used. With OpenSSL 1.0.2 this brings the cipher
count down from 82 to 52.
--
Viktor.
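As an added illustration (not part of the thread), the script below asks the OpenSSL that Python is linked against to expand both cipher strings and reports which suites the extra exclusions remove and why, by parsing the Kx=/Au= fields of OpenSSL's own cipher description. The rule-to-field mapping in why_excluded() is my own; the counts will not match the 82/52 quoted for OpenSSL 1.0.2 on a newer library, and on OpenSSL 1.1.0 and later the fixed DH/ECDH suites (and their kDHr/kDHd/kECDHr/kECDHe aliases) no longer exist, so those words are simply ignored by the cipher-string parser.

```python
import ssl

# Cipher strings quoted in the thread: the original and the tightened one.
ORIGINAL = "HIGH:@STRENGTH"
TIGHTENED = "HIGH:!aNULL:!aDSS:!kECDHr:!kECDHe:!kDHr:!kDHd"


def expand(cipher_string):
    """Ask the linked OpenSSL what a cipher string actually enables.

    Returns an ordered list of (name, Kx, Au) tuples parsed from OpenSSL's
    one-line description, e.g. 'ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None ...'.
    Words OpenSSL does not recognise (kDHr etc. on >= 1.1.0) are skipped by it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    result = []
    for c in ctx.get_ciphers():
        fields = dict(tok.split("=", 1) for tok in c["description"].split() if "=" in tok)
        result.append((c["name"], fields.get("Kx", ""), fields.get("Au", "")))
    return result


def why_excluded(kx, au):
    """Map a suite's key-exchange/authentication fields to the rule in the
    tightened string that drops it, or None if the suite survives.
    (Assumed mapping, based on OpenSSL's description format.)"""
    if au == "None":
        return "!aNULL: anonymous key exchange, the peer is never authenticated"
    if au == "DSS":
        return "!aDSS: DSA-signed key exchange"
    if kx.startswith("ECDH/"):   # Kx=ECDH/RSA or ECDH/ECDSA (OpenSSL 1.0.x only)
        return "!kECDHr/!kECDHe: static certificate ECDH key, no forward secrecy"
    if kx.startswith("DH/"):     # Kx=DH/RSA or DH/DSS (OpenSSL 1.0.x only)
        return "!kDHr/!kDHd: static certificate DH key, no forward secrecy"
    return None


def audit(cipher_string):
    """Return {name: reason} for every enabled suite the tightened rules reject."""
    out = {}
    for name, kx, au in expand(cipher_string):
        reason = why_excluded(kx, au)
        if reason:
            out[name] = reason
    return out


def removed_by_tightening():
    """Suites ORIGINAL enables but TIGHTENED does not, each with the rule responsible."""
    kept = {name for name, _, _ in expand(TIGHTENED)}
    reasons = audit(ORIGINAL)
    return [(name, reasons.get(name, "other"))
            for name, _, _ in expand(ORIGINAL) if name not in kept]


if __name__ == "__main__":
    before, after = expand(ORIGINAL), expand(TIGHTENED)
    print(f"{ORIGINAL!r}: {len(before)} suites; {TIGHTENED!r}: {len(after)} suites")
    for name, reason in removed_by_tightening():
        print(f"  dropped {name:32} {reason}")
```

Run it against the OpenSSL build the MTA actually uses; the interesting output is the dropped list, which on any build shows exactly the suites with Au=None (the anon-DH ones the thread is about) and the DSS ones.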