I think you have to consider Postel's Law here. If your cipher choices are causing problems for your clients, then... maybe relax them a bit?
Transport encryption is not for confidentiality anyway.

Ken.

On Mon, Mar 4, 2024, 16:34 Cyril - ImprovMX via mailop <[email protected]> wrote:

> Hi everyone,
>
> Some users are reaching out to us telling us they have issues connecting to
> our service because of incompatibility between the set of ciphers offered
> during the connection.
>
> On our send, we decided to use the ciphers suggested by Mozilla on their
> SSL Configuration Generator (https://ssl-config.mozilla.org/) (level
> "Intermediate") but I'm aware it's more for the HTTPS connections than
> ESMTP / TLS.
>
> So maybe there is another set of ciphers recommended for creating secured
> connections in email that I'm not aware of. Do you have any recommendations
> for this or are the ones from Mozilla (Intermediate) good enough?
>
> If you want to avoid loading the link, here are the ciphers suggested by
> them:
>
> Ciphers:
> ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
>
> Cipher suites:
> TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
>
> And we only accept TLS at v1.2 and higher.
>
> Thank you in advance.
> _______________________________________________
> mailop mailing list
> [email protected]
> https://list.mailop.org/listinfo/mailop
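Added example, not part of the thread and not ImprovMX's or Mozilla's code: a name-level check of why a TLS 1.2 client and the cipher list quoted above can end up with no shared suite. The client offers, the function names, the RSA-only certificate default and the server-preference ordering are assumptions; TLS 1.3 suites are negotiated separately and are not modelled.

```python
# Added example. SERVER_TLS12 is the TLS 1.2 list quoted in the thread;
# the client offers and all function names are constructed for illustration.
SERVER_TLS12 = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
    "DHE-RSA-CHACHA20-POLY1305"
)
# Constructed client offers (OpenSSL names), in client preference order.
MODERN_MTA = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA"
CBC_ONLY_CLIENT = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES128-SHA:DES-CBC3-SHA"
ECDSA_ONLY_CLIENT = "ECDHE-ECDSA-AES128-GCM-SHA256"


def parse(suite):
    """Split an OpenSSL TLS 1.2 name into (key exchange, auth, cipher+MAC).
    Simplification: only ECDHE/DHE and static-RSA names are recognised."""
    parts = suite.split("-")
    if parts[0] in ("ECDHE", "DHE"):
        return parts[0], parts[1], "-".join(parts[2:])
    return "RSA", "RSA", suite  # e.g. AES128-SHA: static RSA key exchange


def negotiate(server_list, client_offer, cert_types=("RSA",)):
    """Return (suite or None, reason), assuming server preference order."""
    server = server_list.split(":")
    offer = client_offer.split(":")
    # A suite is usable only if the server holds a certificate of its auth type.
    for suite in server:
        if suite in offer and parse(suite)[1] in cert_types:
            return suite, "ok"
    if set(server) & set(offer):
        return None, "cert_type_mismatch"
    if not any(parse(s)[0] in ("ECDHE", "DHE") for s in offer):
        return None, "client_has_no_forward_secret_kx"
    return None, "no_common_aead_suite"


if __name__ == "__main__":
    for label, offer in [("modern", MODERN_MTA), ("cbc-only", CBC_ONLY_CLIENT),
                         ("ecdsa-only", ECDSA_ONLY_CLIENT)]:
        print(label, negotiate(SERVER_TLS12, offer))
```

Feeding it the cipher list a failing client actually sent in its ClientHello (taken from a packet capture or MTA debug log) shows whether the gap is key exchange, cipher mode or certificate type.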
