For Postfix 2.3 I would like to be able to determine whether the actual
cipher negotiated for a session initialized with a lenient allowed cipher
list is actually a member of a more strict cipher list.

The idea is to allow a priori low security connections to be
opportunistically determined to be high security connections and then
with SASL allow the transmission of plain-text passwords instead
of requiring one-time challenge response protocols.

So the question is, how do I determine whether the current cipher is a
member of, say, "MEDIUM:HIGH" or "kEDH+MEDIUM+HIGH:!ADH:!DSS"?

Is this an appropriate user interface? Or should we instead just ask the
administrator to define a minimum secure-channel bit strength, which is
a more crude, but perhaps adequate control?
--
Viktor.
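
The two controls asked about above, side by side, as an added example that is not part of the original post and not Postfix or OpenSSL project code. It uses Python's `ssl` wrapper around OpenSSL; the helper names, the strict list "HIGH:!ADH:!DSS" and the sample sessions are assumptions constructed for illustration.

```python
import ssl

def expand(spec):
    """Expand an OpenSSL cipher-list string into the set of suite names it selects."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # scratch context, never used for I/O
    ctx.set_ciphers(spec)  # raises ssl.SSLError if the string selects no suite
    # TLS 1.3 suites are configured separately from the cipher-list string and
    # are reported by get_ciphers() regardless of it, so they are filtered out.
    return {c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}

def in_strict_list(session_cipher, strict_spec):
    """Control 1: is the negotiated suite a member of the stricter cipher list?"""
    name, _protocol, _bits = session_cipher
    return name in expand(strict_spec)

def meets_min_bits(session_cipher, min_bits):
    """Control 2: does the negotiated suite reach a minimum secret-bit strength?"""
    _name, _protocol, bits = session_cipher
    return bits is not None and bits >= min_bits

# Constructed samples in the (name, protocol, secret_bits) shape that
# SSLSocket.cipher() returns for a live session.
SAMPLES = [
    ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256),  # authenticated, strong
    ("ADH-AES256-GCM-SHA384", "TLSv1.2", 256),        # strong cipher, anonymous DH
    ("NULL-SHA", "TLSv1", 0),                         # no encryption at all
]

def classify(strict_spec="HIGH:!ADH:!DSS", min_bits=128):
    """Return {suite name: (passes list check, passes bit-strength check)}."""
    return {s[0]: (in_strict_list(s, strict_spec), meets_min_bits(s, min_bits))
            for s in SAMPLES}

if __name__ == "__main__":
    for name, (by_list, by_bits) in classify().items():
        print(f"{name:32} strict-list={by_list!s:5} min-bits={by_bits}")
```

The anonymous-DH sample passes the bit-strength check but fails the list check, which is the case where the two controls diverge: bit strength says nothing about whether the peer was authenticated.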