[Ach] SMTP client mode ciphers

christian mock cm at coretec.at
Mon Nov 18 17:33:29 CET 2013

On Mon, Nov 18, 2013 at 05:02:00PM +0100, Wolfgang Breyha wrote:
> Hi!
> I think we should add a note, that it is a very very bad idea to limit the
> cipher suite for SMTP client mode with the currently recommended one since it
> contains only RSA ciphers?

What is your experience of the understanding that people (our readers)
have of the difference between opportunistic SMTP encryption,
mandatory encryption (when you force communication with a certain MX
to be encrypted), and encryption for submission/authenticated

I think some explanation/introduction to those would be in order, but
I don't think that fits into the SMTP/postfix/exim sections. But will
people read it in one of the other sections when all they're looking
for is cut&paste code for their infrastructure?

Hard question...


Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

CoreTEC: Web Application Audit - So that something like this doesn't happen!


