[Ach] SMTP client mode ciphers
Wolfgang Breyha
wolfgang.breyha at univie.ac.at
Tue Nov 19 00:49:42 CET 2013
Hi!
On 2013-11-18 23:24, christian mock wrote:
> In reality, a lot of people are "managing" SMTP servers that shouldn't.
And exactly those should not change ciphers at all;-) And all the others
wouldn't mind to read some details IMO.
> I think that depends; from your point of view as a university admin,
> you probably have no influence on the client software. A company admin
> may completely control the choice of clients and may be able to reduce
> the cipher suites more.
But the document does not have a "point of view" and wants to give
recommendations for all admins.
>> In client mode I recognized hosts using eg.
>> TLSv1.2:DHE-DSS-AES256-GCM-SHA384:256
>> ... not available with the recommended ciphersuite.
>
> 'cause your server has a 1024 bit DSS certificate?
The server my relay talked to has such a certificate.
I will try to add a "SMTP overview" seciton and some additional stuff to
the exim section.
Please understand all of the stuff I add(ed) as "open for discussion".
Servus, Wolfgang
--
Wolfgang Breyha <wolfgang.breyha at univie.ac.at> | http://www.blafasel.at/
Vienna University Computer Center | Austria
More information about the Ach
mailing list