Is this an improvement (or more secure) despite going from 256bits to
128bits?
yes it is because AES-GCM is currently the best cipher suite while there
is no point for AES256, if AES128 will fall then it likely affects
AES256 too and according to Brcue Schneier years ago AES128 has even
less problems then AES256 (too lazy for google it again)
Well, I am working in the crypto field and was a bit astonished about
this "rant" - so a quick search brought up
https://www.schneier.com/blog/archives/2009/07/another_new_aes.html -
for those who want it more compact
http://crypto.stackexchange.com/questions/5118/is-aes-256-weaker-than-192-and-128-bit-versions.
Bottom line: AES256 *IS* better than AES128 for the intended usage but
it is also true that AES-GCM rules out other AES based block ciphers for
other kinds of attacks, so there is no "black or white" answer. To be
honest, I wont worry on this - people who are in the position to break
even a 128bit key will most likely find other ways to get into your mail
communication ;)
Oliver
Thank you all for your replies. I will keep the setting then to:
AES128+EECDH:AES128+EDH
