On 12/27/2013 03:39 PM, Viktor Dukhovni wrote:
There's your problem! This server (likely Exchange 2003) has a broken
implementation of 3DES CBC padding (search Postfix users archives for
my posts on the subject), and your cipher list is either long enough
to cause it to not see RC4-SHA and RC4-MD5 or you've disabled RC4
(directly, or by only enabling HIGH grade ciphers). Exchange 2003
servers can't do better than RC4-SHA.
Thanks very much for your help Viktor. I was able to specify the
RC4-MD5 cipher and it works.
I am using Qmail with the John Simpson patch set by the way. There is a
control file (tlsclientcipher) which John had not documented but is
there. After some discussion with another qmail user, he told me about
it and sure enough it works.
Any suggestions for what ciphers to put in the list besides RC4-MD5?
--
Bob Wooldridge
Blog: http://kc0dxf.net/blog
