On Sat, Dec 28, 2013 at 12:23:21PM -0600, Bobber wrote:
> Thanks very much for your help Viktor. I was able to specify the
> RC4-MD5 cipher and it works.
>
> I am using Qmail with the John Simpson patch set by the way. There
> is a control file (tlsclientcipher) which John had not documented
> but is there. After some discussion with another qmail user, he
> told me about it and sure enough it works.

Does this modify the ciphers used for all connections, or just for
the server in question?

> Any suggestions for what ciphers to put in the list besides RC4-MD5?

If you read my previous responses on this thread, you'll notice I
recommended:

    aRSA+AES128+kEECDH:aRSA+AES128+kEDH:aRSA+AES128+kRSA:RC4-SHA:@STRENGTH

as a compact OpenSSL cipherlist that inter-operates with Exchange
and yet yields AES with forward-secrecy whenever possible. If you're
not authenticating the SMTP server (almost nobody is), you can allow
both anonymous and ECDSA ciphers without bloating the list too much:

    aNULL:-aNULL:AES128+kEECDH:AES128+kEDH:AES128+kRSA:RC4-SHA

this prefers aNULL, since you don't check the certs anyway.

--
Viktor.
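
To check what the two cipherlists above expand to on a particular OpenSSL build, the following is an added example (not part of the original message) that hands each string to the OpenSSL linked into Python's ssl module and lists the resulting suites in preference order. The names `expand` and `anonymous_lead` are this example's own; RC4-SHA is absent from the output on builds compiled without RC4.

```python
import ssl

# The two cipherlists quoted in the message above.
AUTHENTICATED = "aRSA+AES128+kEECDH:aRSA+AES128+kEDH:aRSA+AES128+kRSA:RC4-SHA:@STRENGTH"
OPPORTUNISTIC = "aNULL:-aNULL:AES128+kEECDH:AES128+kEDH:AES128+kRSA:RC4-SHA"


def expand(cipherlist):
    """Return (name, key exchange, authentication) tuples in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipherlist)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately from this string, so skip them.
    return [(c["name"], c["kea"], c["auth"])
            for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def anonymous_lead(rows):
    """True if, for each key-exchange type, anonymous suites precede the rest."""
    seen_authenticated = set()
    for _name, kea, auth in rows:
        if auth == "auth-null":
            if kea in seen_authenticated:
                return False  # an authenticated suite was already preferred
        else:
            seen_authenticated.add(kea)
    return True


if __name__ == "__main__":
    for label, spec in (("authenticated", AUTHENTICATED),
                        ("opportunistic", OPPORTUNISTIC)):
        print(f"{label}: {spec}")
        for name, kea, auth in expand(spec):
            print(f"  {name:32} {kea:10} {auth}")
        print()
```

The same expansion is available from the command line with `openssl ciphers -v` followed by the quoted cipherlist.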