TLS config check

SW dovecot at bsdpanic.com
Sat Feb 7 09:00:51 UTC 2015


Is this an improvement (or more secure) despite going from 256bits to 
128bits?
>> yes it is because AES-GCM is currently the best cipher suite while there
>> is no point for AES256, if AES128 will fall then it likely affects
>> AES256 too and according to Brcue Schneier years ago AES128 has even
>> less problems then AES256 (too lazy for google it again)
>>
> Well, I am working in the crypto field and was a bit astonished about
> this "rant" - so a quick search brought up
> https://www.schneier.com/blog/archives/2009/07/another_new_aes.html -
> for those who want it more compact
> http://crypto.stackexchange.com/questions/5118/is-aes-256-weaker-than-192-and-128-bit-versions.
>
> Bottom line: AES256 *IS* better than AES128 for the intended usage but
> it is also true that AES-GCM rules out other AES based block ciphers for
> other kinds of attacks, so there is no "black or white" answer. To be
> honest, I wont worry on this - people who are in the position to break
> even a 128bit key will most likely find other ways to get into your mail
> communication ;)
>
> Oliver
>

Thank you all for your replies. I will keep the setting then to:

AES128+EECDH:AES128+EDH





More information about the dovecot mailing list