-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I will go through the links later today, thanks.
> openssl ciphers The new OpenSSL supports many additional ciphers. Three ciphers are not supported anymore: DES-CBC-MD5, DES-CBC3-MD5, RC2-CBC-MD5 For any reason I don't understand, there are ciphers listed twice in the old OpenSSL version but also once in the new version: EXP-RC2-CBC-MD5, EXP-RC4-MD5, RC4-MD5 > openssl s_client -connect imap.example.com:143 -starttls imap dovecot 2.1.7, OpenSSL 1.0.1 e (both as shipped with Debian Weezy): New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384 dovecot 1.2.13, OpenSSL 0.9.8 g (call me outdated, I say heartbleed!): New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA However, that's talking OpenSSL to OpenSSL. > there must be matching ciphers Indeed. According to this http://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx there should be matching ciphers if I'm not completely mistaken. (I don't know what P256 indicates in TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256. Is there a similar way to OpenSSL to check on the box, what is really supported? Or to perform a handshake like the -connect -starttls imap option of OpenSSL? > as written i will test it, but it will take time Thanks, Robert. I really appreciate it. Your comments have been really helpful to me so far. Regards Sebastian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlNsydwACgkQR7+YB0QzbnovDQCgk21gkre2/NQ9k8mGLgWmbHyD 1goAoKSEmOvu+3IbVjt5MWCO8XQt3Hu6 =my5T -----END PGP SIGNATURE-----
