[Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1
Darren Pilgrim
list_dovecot at bluerosetech.com
Sun Oct 20 03:38:10 EEST 2013
On 10/19/2013 5:24 PM, Reindl Harald wrote:
> Am 20.10.2013 01:58, schrieb Darren Pilgrim:
>> On 10/18/2013 5:32 AM, Reindl Harald wrote:
>>> this does *not work* with Outlook 2003-2010 on Windows XP
>>
>> It's not Outlook's fault. Office, IE, etc. all use stunnel which, on XP/2003, is as outdated as OpenSSL 0.9.8.
>>
>> Enable 3DES to support XP clients
>
> and how does that give you any gain over RC4?s
The cipherspec given disables both. Given a choice, I'd rather have
3DES than RC4.
> http://en.wikipedia.org/wiki/Triple_DES#Security
> http://en.wikipedia.org/wiki/RC4#Security
Umm... did you actually read those? That's a long, varied list of
attacks on RC4, whereas 3DES is only vulnerable to the same attacks as
all other CBC-mode ciphers. 112-bit encryption is still generally safe
for at least a few more years. Well past the point where we don't have
to worry about XP anymore.
--
Please reply on list.
More information about the dovecot
mailing list