Ahoj, Dňa Sun, 21 Aug 2022 14:23:16 +0000 Alexander Huynh via mailop <[email protected]> napísal:
> On 2022-08-21 12:35:18 +0200, Slavko via mailop wrote: > >if there are known some issues with ECcerts. > > Yes, there are. I ran the exact setup you described, and I had to > debug a whole slew of cipher suite mismatches, bringing out tcpdump > and Wireshark. Please, can you elaborate more from where the cipher suites mismatch was coming? I mean if it was (your) server or the remote side, which provided/requested them. > Guess which cipher suites are advertised more often during the TLS > handshake. I will do not guess. I can (and i do it regularly) check my logs to see negotiated cipher suites, but that is irrelevant, as my MTA is low traffic, communicating mostly with the same hosts, thus these numbers are not representative. BTW, Chris, if ssl-enum-ciphers nmap's script was not updated recently (1-3 years -- i do not remember when exactly i tried it last), do not rely on it, it doesn't support TLS1.3... regards -- Slavko https://www.slavino.sk
pgpqMOHDJYkKH.pgp
Description: Digitálny podpis OpenPGP
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
