On Sat, Dec 28, 2013 at 12:58:58PM -0600, Bobber wrote:
> >Does this modify the ciphers used for all connections, or just for
> >the server in question?
>
> All connections.

In that case I would go for the second cipherlist; though still
compact, it is a superset of the first and will interoperate with
more peer systems.

> > aNULL:-aNULL:AES128+kEECDH:AES128+kEDH:AES128+kRSA:RC4-SHA
> >
> >this prefers aNULL, since you don't check the certs anyway.

Assuming of course that qmail can handle aNULL ciphers. If not, use:

    !aNULL:AES128+kEECDH:AES128+kEDH:AES128+kRSA:RC4-SHA

which is 16 ciphers in total and includes RC4-SHA as a last resort.
I am not aware of any SMTP servers that support TLS, but offer
neither AES128 nor RC4-SHA.

--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
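
An added example, not part of the original message: a Python sketch that expands the "!aNULL" cipher string from the message with the local OpenSSL build and checks what it actually selects. The names expand, audit and KX_RANK are this example's own; the suites returned (and their count) depend on the OpenSSL version Python is linked against, and RC4-SHA may be absent from current builds.

```python
import ssl

# Cipher string from the message above (the variant that excludes aNULL).
CIPHER_STRING = "!aNULL:AES128+kEECDH:AES128+kEDH:AES128+kRSA:RC4-SHA"

# Key-exchange classes in the order the string lists them (example's own table).
KX_RANK = {"kx-ecdhe": 0, "kx-dhe": 1, "kx-rsa": 2}


def expand(cipher_string):
    """Return the TLS <= 1.2 suites the local OpenSSL selects, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately from the cipher string,
    # so they are filtered out of the result.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string):
    """Summarise what a cipher string expands to on this build."""
    suites = expand(cipher_string)
    names = [c["name"] for c in suites]
    # Anonymous (unauthenticated) suites report auth-null.
    anonymous = [c["name"] for c in suites if c.get("auth") == "auth-null"]
    # Anything that is neither AES128 nor the RC4-SHA fallback is unexpected.
    unexpected = [n for n in names if "AES128" not in n and n != "RC4-SHA"]
    # Preference should run ECDHE, then DHE, then RSA key transport.
    ranks = [KX_RANK.get(c.get("kea"), len(KX_RANK)) for c in suites]
    return {
        "names": names,
        "anonymous": anonymous,
        "unexpected": unexpected,
        "kx_order_ok": ranks == sorted(ranks),
    }


if __name__ == "__main__":
    report = audit(CIPHER_STRING)
    print(ssl.OPENSSL_VERSION)
    print(len(report["names"]), "suites selected")
    for name in report["names"]:
        print("  ", name)
    print("anonymous suites:", report["anonymous"])
    print("unexpected suites:", report["unexpected"])
    print("ECDHE > DHE > RSA ordering kept:", report["kx_order_ok"])
```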