Re: cyrus 2.4.17 TLS woes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/15/2015 10:04 AM, Wolfgang Breyha wrote:
> Maybe
> https://bettercrypto.org/
> is of help.
>

Thanks for both writing and sharing that document.  Unfortunately it 
only has this to say about cyrus-imap:

-------------------------------------------------
Limiting the ciphers provided may force (especially older) clients to 
connect without encryption at all! Sticking to the defaults is recommended

If you still want to force strong encryption use

tls_cipher_list: 
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+\ 
aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!\
eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-\
SHA:CAMELLIA128-SHA:AES128-SHA
-------------------------------------------------


OK, but then what is the default?  The imapd.conf man page only tells us 
this:

    tls_cipher_list: DEFAULT

I guess my real concern is recent SSL exploits.  Maybe if I'm only using 
STARTTLS this isn't a worry anyway?

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux