Hi!
I tried connecting to archiveopteryx like this:
openssl s_client -cipher 'ECDH:DH' -connect my_server.fqdn:993
CONNECTED(00000003)
139805585204880:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 517 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
An IMAP session without forced cipher results in:
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-GCM-SHA384
So I was wondering: is it possible to configure archiveopteryx in a way that
enables forward
secrecy?
