TLS config check

Oliver Welter mail at oliwel.de
Sat Feb 7 09:21:12 UTC 2015


On 07.02.2015 at 10:10, SW wrote:
> I've just done a test with K9 mail on Android 4.4.2 and this is what I
> see in the log:
> 
> ECDHE-ECDSA-AES128-SHA (128/128 bits)
> 
> But when using Thunderbird I see:
> 
> ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
> 
> I'm happy that Thunderbird is using a secure cipher but is Android? Is
> ECDHE-ECDSA-AES128-SHA ok/secure?

Short: See my last answer - secure is never a black or white decision.
The chosen cipher will protect your traffic and it's better than plain text.

Long: The client negotiates the supported ciphers with the server and
chooses one that fits for him. I *guess* that K9/Android simply does not
support the GCM cipher and therefore uses another one. To get the "best"
result you need to list up all supported ciphers of your client and
server and choose one, but be warned that if you ask two analysts, you
might not get the same answer which is "best" as this depends on the
kind of threats you want to take care of.


Oliver

-- 
Protect your environment -  close windows and adopt a penguin!
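
Added example, not part of the original post: a Python sketch that parses log entries in the form quoted in this thread, splits the suite name into its security properties, and shows how a short client offer leads to a different negotiated suite. The offer and server lists are constructed for illustration; that K9 on Android 4.4.2 offers no GCM suite is the guess from the reply above, not a verified fact.

```python
import re

# Log entry form quoted in the thread: "<suite> (<used>/<algorithm> bits)"
LOG_RE = re.compile(r"^(?P<suite>[A-Z0-9-]+) \((?P<used>\d+)/(?P<alg>\d+) bits\)$")

def parse_log_cipher(line):
    """Return (suite_name, effective_key_bits) from one log entry."""
    m = LOG_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised cipher log entry: {line!r}")
    return m["suite"], int(m["used"])

def describe(suite):
    """Derive properties from an OpenSSL-style TLS 1.2 suite name."""
    parts = suite.split("-")
    aead = any(p in ("GCM", "CCM", "CHACHA20") for p in parts)
    return {
        "forward_secrecy": parts[0] in ("ECDHE", "DHE"),
        "aead": aead,
        # Without an AEAD mode the last token names the HMAC hash (SHA = SHA-1).
        "mac": "AEAD" if aead else parts[-1],
    }

def negotiate(client_offer, server_list, server_preference=True):
    """Pick the first suite, in the preferred side's order, that both sides support."""
    first, second = (server_list, client_offer) if server_preference \
        else (client_offer, server_list)
    common = set(second)
    return next((s for s in first if s in common), None)

# Constructed sample data (assumptions, not taken from real clients or servers).
SERVER = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-SHA"]
TB_OFFER = ["ECDHE-ECDSA-AES128-SHA", "ECDHE-ECDSA-AES128-GCM-SHA256"]
K9_OFFER = ["ECDHE-ECDSA-AES128-SHA", "AES128-SHA"]  # assumed: no GCM suite offered

if __name__ == "__main__":
    for entry in ("ECDHE-ECDSA-AES128-SHA (128/128 bits)",
                  "ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)"):
        suite, bits = parse_log_cipher(entry)
        print(suite, bits, describe(suite))
    print("K9 offer          ->", negotiate(K9_OFFER, SERVER))
    print("TB, server order  ->", negotiate(TB_OFFER, SERVER))
    print("TB, client order  ->", negotiate(TB_OFFER, SERVER, server_preference=False))
```

Both suites from the log keep ECDHE forward secrecy and a 128-bit AES key; they differ in that the GCM suite is an AEAD mode while the other uses CBC with HMAC-SHA1.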
