[Ach] SMTP client mode ciphers

Wolfgang Breyha wolfgang.breyha at univie.ac.at
Tue Nov 19 00:49:42 CET 2013


On 2013-11-18 23:24, christian mock wrote:
> In reality, a lot of people are "managing" SMTP servers that shouldn't.

And exactly those should not change ciphers at all;-) And all the others
wouldn't mind to read some details IMO.

> I think that depends; from your point of view as a university admin,
> you probably have no influence on the client software. A company admin
> may completely control the choice of clients and may be able to reduce
> the cipher suites more.

But the document does not have a "point of view" and wants to give
recommendations for all admins.

>> In client mode I recognized hosts using eg.
>> TLSv1.2:DHE-DSS-AES256-GCM-SHA384:256
>> ... not available with the recommended ciphersuite.
> 'cause your server has a 1024 bit DSS certificate?

The server my relay talked to has such a certificate.

I will try to add a "SMTP overview" seciton and some additional stuff to
the exim section.

Please understand all of the stuff I add(ed) as "open for discussion".

Servus, Wolfgang
Wolfgang Breyha <wolfgang.breyha at univie.ac.at> | http://www.blafasel.at/
Vienna University Computer Center              | Austria

More information about the Ach mailing list