On Sat, Dec 28, 2013 at 12:23:21PM -0600, Bobber wrote: > Thanks very much for your help Viktor. I was able to specify the > RC4-MD5 cipher and it works. > > I am using Qmail with the John Simpson patch set by the way. There > is a control file (tlsclientcipher) which John had not documented > but is there. After some discussion with another qmail user, he > told me about it and sure enough it works.
Does this modify the ciphers used for all connections, or just for the server in question? > Any suggestions for what ciphers to put in the list besides RC4-MD5? If you read my previous responses on this thread, you'll notice I recommended: aRSA+AES128+kEECDH:aRSA+AES128+kEDH:aRSA+AES128+kRSA:RC4-SHA:@STRENGTH as a compact OpenSSL cipherlist that inter-operates with Exchange and yet yields AES with forward-secrecy whenever possible. If you're not authenticating the SMTP server (almost nobody is), you can allow both anonymous and ECDSA ciphers without bloating the list too much: aNULL:-aNULL:AES128+kEECDH:AES128+kEDH:AES128+kRSA:RC4-SHA this prefers aNULL, since you don't check the certs anyway. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org