Thank you. I will check that man page - I was looking at the couriertls docs 
and didn't see this.

One note though. I do not want to disable RC4, but only keep it as fallback. Is 
that possible? 

~A

Sam Varshavchik <mr...@courier-mta.com> wrote:
>Anders writes:
>
>> Since RC4/ARCFOUR has been in the news as "breakable" I was wondering if
>> it is possible to have courier prioritize AES in favour of RC4 if supported?
>>
>> For example, gmail uses RC4 by default, but does support AES:
>>
>> # openssl s_client -connect gmail-smtp-in.l.google.com:25 -starttls smtp
>> Protocol  : TLSv1.2
>> Cipher    : ECDHE-RSA-RC4-SHA
>>
>> # openssl s_client -cipher AES128-SHA -connect gmail-smtp-in.l.google.com:25 -starttls smtp
>> Protocol  : TLSv1.2
>> Cipher    : AES128-SHA
>>
>>
>> I have tried to set TLS_PRIORITY="AES256-SHA256:NORMAL:-CTYPE-OPENPGP"
>> or TLS_PRIORITY="AES-256-CBC:NORMAL:-CTYPE-OPENPGP" or to both esmtpd
>> and esmtpd-msa but then I cannot connect at all (using openssl to my
>> courier server). If I leave default "NORMAL:-CTYPE-OPENPGP" it works:
>>
>> # openssl s_client -connect localhost:587 -starttls smtp
>> Protocol  : TLSv1.2
>> Cipher    : AES256-SHA256
>>
>>
>> So, what I am trying to achieve is to prioritize some ciphers before
>> others, even for normal smtp courier->other host (like gmail). How
>> should I use the TLS_PRIORITY setting properly to do this? I have tried to
>> use ciphers and ciphersuites from "gnutls-cli -l". Courier is compiled
>> with gnutls
>
>For gnutls, its cipher priority configuration is documented in its man
>pages:
>
>http://manpages.courier-mta.org/htmlman3/gnutls_priority_init.3.html
>
>If you want to exclude RC4, try
>
>NORMAL:-CTYPE-OPENPGP:-RC4
>
>_______________________________________________
>courier-users mailing list
>courier-users@lists.sourceforge.net
>Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
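
The comparison made in the thread between a default probe and a `-cipher`-restricted probe can be scripted when checking many peers. The following is an added example, not part of the original messages and not Courier or OpenSSL code; the sample text is constructed in the shape of the session summaries quoted above, and the function names and probe labels are hypothetical.

```python
import re

# Constructed sample (not captured output): probe label -> session summary
# in the shape of the `openssl s_client` lines quoted in this thread.
SAMPLE = {
    "default offer": "Protocol  : TLSv1.2\nCipher    : ECDHE-RSA-RC4-SHA\n",
    "-cipher AES128-SHA": "Protocol  : TLSv1.2\nCipher    : AES128-SHA\n",
}

# Matches the "Protocol  : ..." and "Cipher    : ..." summary lines only.
FIELD = re.compile(r"^[ \t]*(Protocol|Cipher)[ \t]*:[ \t]*(\S+)[ \t\r]*$", re.M)

def parse_session(text):
    """Return (protocol, cipher). cipher is None when no cipher was agreed:
    s_client reports 'Cipher : 0000' after a failed handshake."""
    fields = dict(FIELD.findall(text))
    cipher = fields.get("Cipher")
    if cipher in (None, "0000", "(NONE)"):
        cipher = None
    return fields.get("Protocol"), cipher

def is_rc4(cipher):
    """True for OpenSSL suite names with an RC4 component, e.g. RC4-SHA."""
    return cipher is not None and "RC4" in cipher.upper().split("-")

def assess(probes, default_label="default offer"):
    """Classify one peer from several probes of the same host and port."""
    results = {label: parse_session(text)[1] for label, text in probes.items()}
    default = results.get(default_label)
    alternatives = sorted(
        c for label, c in results.items()
        if label != default_label and c and not is_rc4(c)
    )
    if default is None:
        verdict = "handshake failed with default offer"
    elif not is_rc4(default):
        verdict = "non-RC4 cipher negotiated by default"
    elif alternatives:
        verdict = "peer prefers RC4 but accepts a non-RC4 cipher"
    else:
        verdict = "RC4 only (no alternative confirmed)"
    return {"default": default, "alternatives": alternatives, "verdict": verdict}

if __name__ == "__main__":
    print(assess(SAMPLE))
```
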