[Dovecot] Possible to force cipher order?
Matthias Rieber
ml-dovecot at zu-con.org
Fri Jan 10 21:51:58 EET 2014
Hi,
is it possible to force the server cipher order instead of the clients
preferences? When I connect with openssl using these ciphers:
'RC4-SHA:DHE-RSA-AES256-GCM-SHA384' -> RC4-SHA will be selected and with
'DHE-RSA-AES256-GCM-SHA384:RC4-SHA' -> DHE-RSA-AES256-GCM-SHA384
It seems to be recommended for webservers to override that due to bad
clients choices and increasing knowledge, like RC4 vs. BEAST, AES128
better (theoretical) than AES256.
Regards,
Matthias
More information about the dovecot
mailing list