The best method is to use +RC4 instead of !RC4, which will put it at the end of the negotiated cypher list. Because STARTTLS is opportunistic, RC4 is still better than in clear.
What you need to do is disable SSLv3. If not mistaken, as an example, if GMail cannot negotiate a cypher and you advertise STARTTLS, the email will not be sent in clear. On Wed, Aug 26, 2015 at 8:14 AM, Leon Weber <[email protected]> wrote: > On 26.08.2015 10:38:10, Cor ey wrote: > > cipherlist anywhere anymore, I am wondering if that's still the case. > What > > is the currently recommended Cipherlist? What are you all using? > > For advice on cipher lists, I generally turn to > <https://bettercrypto.org/>. This group publishes (and constantly > updates) a comprehensive configuration guide[1] for a large set of > services which at least I haven’t had any compatibility problems with. > > -- Leon. > > [1] <https://bettercrypto.org/static/applied-crypto-hardening.pdf> > > _______________________________________________ > mailop mailing list > [email protected] > http://chilli.nosignal.org/mailman/listinfo/mailop > >
_______________________________________________ mailop mailing list [email protected] http://chilli.nosignal.org/mailman/listinfo/mailop
