[Ach] pegasus mail vs. prefer_server_ciphers
Wolfgang Breyha
wolfgang.breyha at univie.ac.at
Tue Nov 19 17:16:54 CET 2013
Hi!
The latest and greatest release (4.63 dated 01.2012) of pegasus mail failed to
connect to our MSAs after activating prefer_server_ciphers.
Some debugging offered that pegasus fails badly on DHE. I tried several
dhparams from ike23, ike22, ike5, ike2 and self generated 512bit. Pegasus
fails with all of them.
Pegasus prefers:
3DES_CBC_SHA
AES_256
AES_128
DHE_3DES_CBC_SHA
DHE_AES_256
DHE_AES_128
That's the reason why it worked without prefer_server_ciphers. Removing the
DHE ciphers from my list makes pegasus happy again.
Has someone an idea how to "fix" that without removing these three DHE ciphers
or removing prefer_server_ciphers?
Servus, Wolfgang
PS: Most likely the same is true for Mercury SMTP Servers.
--
Wolfgang Breyha <wolfgang.breyha at univie.ac.at> | http://zid.univie.ac.at/
Vienna University Computer Center | Austria
More information about the Ach
mailing list