[Dovecot] Possible to force cipher order?

Matthias Rieber ml-dovecot at zu-con.org
Fri Jan 10 21:51:58 EET 2014


Hi,

is it possible to force the server cipher order instead of the clients 
preferences? When I connect with openssl using these ciphers:

'RC4-SHA:DHE-RSA-AES256-GCM-SHA384' -> RC4-SHA will be selected and with
'DHE-RSA-AES256-GCM-SHA384:RC4-SHA' -> DHE-RSA-AES256-GCM-SHA384

It seems to be recommended for webservers to override that due to bad 
clients choices and increasing knowledge, like RC4 vs. BEAST, AES128 
better (theoretical) than AES256.

Regards,
Matthias



More information about the dovecot mailing list