On Mon, Mar 7, 2016 at 10:39 AM, Klaus Ethgen <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi, > > No comment to ECDH itself, but: > > Am Mo den 7. Mär 2016 um 9:50 schrieb Renaud Allard: > > openssl_options = +no_compression +cipher_server_preference > +single_dh_use > > +single_ecdh_use +no_session_resumption_on_renegotiation > > I do not know if you really want to use +no_compression. That would make > it easier for known plaintext attacks. > Uhm, are you sure you're not a bit out of date regarding TLS security? For the past few years (2012 or so), most software disable compression to _reduce_ the risk of known attacks, because of how compression and TLS interoperate. OpenSSL 1.1.0 has disabled compression by default, this is something you need to enable manually. The reason for this is the CRIME attack against TLS 1.0. TLS 1.2 defaults to a "null" method that actually does no compression. While CRIME itself isn't an SMTP attack, most security recommendations I've ever read since 2012, recommend to _disable_ compression regardless of what protocol is using TLS, due to the inherent risks. If you have evidence otherwise, please share, because I (and probably many others!) are very interested in a technical explanation of why this isn't something to worry about. -- Jan -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
