TLS config check

Robert Schetterer rs at sys4.de
Sat Feb 7 10:15:56 UTC 2015


Am 07.02.2015 um 11:05 schrieb SW:
> 
>> Short: See my last answer - secure is never a black or white decission.
>> The chosen cypher will protect your traffic and its better than plain
>> text.
>>
>> Long: The client negotiates the supported ciphers with the server and
>> chooses one that fits for him. I *guess* that k9/anroid simply does not
>> support the GCM cipher and therefore uses another one. To get the "best"
>> result you need to list up all supported ciphers of your client and
>> server and choose one, but be warned that if you ask two analyst, you
>> might not get the same answer which is "best" as this dependes on the
>> kind of threats you want to take care of
>>
>>
>> Oliver
>>
> 
> Thanks Oliver.
> 
> I had a look at:
> 
> https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=4.4.2
> 
> And Android 4.4.2 does support:
> 
> ECDHE-ECDSA-AES128-GCM-SHA256
> 
> So why then does K9 not connect using GCM? Could K9 mail not support
> this cipher? If Android supports it does this mean that K9 mail will
> support it too?

K9 questions should go to

https://code.google.com/p/k9mail/issues/list


> 
> Just trying to figure out WHY I can't get K9 to use GCM!



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein


More information about the dovecot mailing list