OpenSSL.org states:

    aNULL
        the cipher suites offering no authentication. This is currently the
        anonymous DH algorithms. These cipher suites are vulnerable to a "man in
        the middle" attack and so their use is normally discouraged.

However, this cipher suite is enabled by default with postfix for the smtpd
process:

    smtp_tls_mandatory_ciphers = medium
    tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH

Shouldn't it be excluded by default? I got rid of it by adding it to
smtpd_tls_exclude_ciphers.

--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
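
An added example, not part of the original message: a small shell check that shows which suites in the quoted cipher list are anonymous (Au=None in `openssl ciphers -v` output) and confirms that appending `!aNULL` removes them. The function names and the sample listing are constructed for illustration; the live result depends on the locally installed OpenSSL build.

```shell
#!/bin/sh
# Added example: find anonymous (aNULL) suites in an OpenSSL cipher string.

# The medium-grade list exactly as quoted in the message above.
MEDIUM='ALL:!EXPORT:!LOW:+RC4:@STRENGTH'

# Read `openssl ciphers -v` output on stdin and print the names of suites
# whose authentication column is Au=None, i.e. the aNULL class.
anon_suites() {
    awk '{ for (i = 2; i <= NF; i++) if ($i == "Au=None") { print $1; break } }'
}

# Constructed sample of `openssl ciphers -v` output, so the filter can be
# exercised without a local openssl binary.
sample_listing() {
    cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
ADH-RC4-MD5             SSLv3 Kx=DH       Au=None Enc=RC4(128)  Mac=MD5
EOF
}

# Expand a cipher string with the local openssl and print its anonymous
# suites. Returns non-zero if openssl rejects the string.
audit_list() {
    listing=$(openssl ciphers -v "$1" 2>/dev/null) || return 1
    printf '%s\n' "$listing" | anon_suites
}

# Compare the quoted list with the same list plus an explicit !aNULL.
if command -v openssl >/dev/null 2>&1; then
    for list in "$MEDIUM" "${MEDIUM}:!aNULL"; do
        if suites=$(audit_list "$list"); then
            count=$(printf '%s' "$suites" | grep -c . || true)
            echo "$list -> $count anonymous suite(s)"
            [ -n "$suites" ] && printf '    %s\n' $suites
        else
            echo "$list -> rejected by local openssl"
        fi
    done
fi
```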