[Ach] Suggested Postfix config allows some weak ciphers - please review
wolfgang.breyha at univie.ac.at
Sat May 3 15:28:07 CEST 2014
On 03/05/14 12:53, christian mock wrote:
> Disabling RC4 ciphers would lose 3% of the incoming and 0.04% of
> outgoing TLS connections.
And disabling MD5 would lose such "unworthy" hosts like:
H=honeycrisp.apple.com (mail-out.apple.com) [18.104.22.168]
H=dabinett.apple.com (bz.apple.com) [22.214.171.124]
H=foxwhelp.apple.com (bz.apple.com) [126.96.36.199]
H=bz.apple.com (bz.apple.com) [188.8.131.52]
which at best connect with TLSv1:RC4-MD5:128.
And if SSL handshake fails they do not bother to try unencrypted as well.
Wolfgang Breyha <wolfgang.breyha at univie.ac.at> | http://www.blafasel.at/
Vienna University Computer Center | Austria
More information about the Ach