Re: [mailop] Recommended CipherList

2015-08-26 Thread Brian Reichert
On Wed, Aug 26, 2015 at 01:48:45PM -0700, Franck Martin wrote: > The best method is to use +RC4 instead of !RC4, which will put it at the > end of the negotiated cypher list. Because STARTTLS is opportunistic, RC4 > is still better than in clear. > > What you need to do is disable SSLv3. Dependin

Re: [mailop] Recommended CipherList

2015-08-26 Thread Franck Martin
The best method is to use +RC4 instead of !RC4, which will put it at the end of the negotiated cypher list. Because STARTTLS is opportunistic, RC4 is still better than in clear. What you need to do is disable SSLv3. If not mistaken, as an example, if GMail cannot negotiate a cypher and you advert

Re: [mailop] Recommended CipherList

2015-08-26 Thread Leon Weber
On 26.08.2015 10:38:10, Cor ey wrote: > cipherlist anywhere anymore, I am wondering if that's still the case. What > is the currently recommended Cipherlist? What are you all using? For advice on cipher lists, I generally turn to . This group publishes (and constantly u

Re: [mailop] Recommended CipherList

2015-08-26 Thread Matthew Huff
Subject: Re: [mailop] Recommended CipherList I found the website that I grabbed that cipherlist from. It was https://weakdh.org/sysadmin.html. Does everyone still think that this is the way to go? Thanks again in advance, Corey On Wed, Aug 26, 2015 at 10:38 AM, Cor ey mailto:bronxbomber

Re: [mailop] Recommended CipherList

2015-08-26 Thread Ben Liddicott
Windows Server 2003 (which is now officially out of support) only really works with RC4 AND the offer must be one of the first in the list as it only reads the first 16. If that's your problem then adding RSA-RC4-SHA1 is a temporary fix. The real fix is for your counterparty to upgrade. Cheers

Re: [mailop] Recommended CipherList

2015-08-26 Thread Cor ey
I found the website that I grabbed that cipherlist from. It was https://weakdh.org/sysadmin.html. Does everyone still think that this is the way to go? Thanks again in advance, Corey On Wed, Aug 26, 2015 at 10:38 AM, Cor ey wrote: > Hello, > > I run an instance of sendmail and I have run into a

[mailop] Recommended CipherList

2015-08-26 Thread Cor ey
Hello, I run an instance of sendmail and I have run into an issue where a server I am attempting to send e-mail to is deferring our messages due to a TLS handshake error that is due to our MTAs not being able to agree on a cipher. The error message is : error:1408A0C1:SSL routines:SSL3_GET_CLIEN