On 2013-09-11 03:20, Sam Varshavchik wrote:
> Anders writes:
>
>> Thank you. I will check that man page - I was looking at the
>> couriertls docs and didn't see this.
>>
>> One note though. I do not want to disable RC4, but only keep it as
>> fallback. Is that possible?
>
> The authoritative documentation is here:
>
> http://www.gnutls.org/manual/html_node/Priority-Strings.html#Priority-Strings
>
> Actually, looks like the keyword for RC4 would be "ARCFOUR-128".
>
> Reading what it says here, if you add a keyword to remove it, then add
> it, it should end up being the last cipher in the preference list. So:
>
> NORMAL:-CTYPE-OPENPGP:-ARCFOUR-128:+ARCFOUR-128
>
> Haven't tried it myself. Looks weird, but, according to how I parse
> the docs, that's what it should be.

Although this doesn't fail, it still doesn't change the RC4-SHA that Courier/ESMTPD uses against Gmail. Look at the following email header:

Received: from mail.tnonline.net by mx.google.com with ESMTPS id pw1si236926lbb.136.1969.12.31.16.00.00 (version=TLSv1.2 cipher=RC4-SHA bits=128/128);

Granted, TLSv1.2 is supposed to be safe against the published attacks, so it might be OK anyway.... Still would be nice to know why Courier/GnuTLS doesn't choose highest supported cipher?

Would the TLS_PRIORITY options work for IMAP (imapd-ssl) too? I have tried to use SECURE128/192 instead of NORMAL, but I can't connect at all then - with any client or openssl s_client.

~A
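The check described in the message above (reading the negotiated cipher out of the `Received:` header) can be automated across stored mail. The following is an added example, not part of the original post or of Courier: the names `audit_received` and `WEAK_MARKERS`, the weak-cipher list, and the sample message with its example.org/example.net hosts are all constructed for illustration.

```python
import re
from email import message_from_string

# Substrings of cipher names treated as weak here (an assumed policy list).
WEAK_MARKERS = ("RC4", "ARCFOUR", "NULL", "EXP", "DES")

# Matches the "(version=... cipher=... bits=N/M)" clause that some receiving
# MTAs append to the Received header, in the form quoted in the post.
TLS_CLAUSE = re.compile(r"version=(\S+)\s+cipher=(\S+)\s+bits=(\d+)/\d+")

def audit_received(raw_message):
    """Return one dict per Received header that records TLS parameters."""
    msg = message_from_string(raw_message)
    findings = []
    for hop, value in enumerate(msg.get_all("Received", [])):
        unfolded = " ".join(value.split())  # collapse folded header lines
        m = TLS_CLAUSE.search(unfolded)
        if not m:
            continue  # this hop logged no TLS details
        cipher = m.group(2).rstrip(");")
        findings.append({
            "hop": hop,
            "version": m.group(1),
            "cipher": cipher,
            "bits": int(m.group(3)),
            "weak": any(w in cipher.upper() for w in WEAK_MARKERS),
        })
    return findings

# Constructed sample: the first hop mirrors the header format in the post,
# the second is an invented hop with a different cipher for contrast.
SAMPLE = """\
Received: from mail.example.org by mx.example.net with ESMTPS id abc123
 (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
 Wed, 11 Sep 2013 03:20:00 +0000
Received: from client.example.org by mail.example.org with ESMTPS
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 11 Sep 2013 03:19:58 +0000
Subject: test

body
"""

if __name__ == "__main__":
    for f in audit_received(SAMPLE):
        print(f)
```

Running this over messages delivered before and after a `TLS_PRIORITY` change shows whether the negotiated cipher actually moved, per receiving host.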