[Ach] Suggested Postfix config allows some weak ciphers - please review
Wolfgang Breyha
wolfgang.breyha at univie.ac.at
Sat May 3 15:28:07 CEST 2014
On 03/05/14 12:53, christian mock wrote:
> Disabling RC4 ciphers would lose 3% of the incoming and 0.04% of
> outgoing TLS connections.
And disabling MD5 would lose such "unworthy" hosts like:
H=honeycrisp.apple.com (mail-out.apple.com) [17.151.62.51]
H=dabinett.apple.com (bz.apple.com) [17.151.62.52]
H=foxwhelp.apple.com (bz.apple.com) [17.151.62.53]
H=bz.apple.com (bz.apple.com) [17.151.62.54]
which at best connect with TLSv1:RC4-MD5:128.
And if SSL handshake fails they do not bother to try unencrypted as well.
Greetings, Wolfgang
--
Wolfgang Breyha <wolfgang.breyha at univie.ac.at> | http://www.blafasel.at/
Vienna University Computer Center | Austria
More information about the Ach
mailing list