--On Tuesday, February 08, 2011 11:39 AM -0800 Quanah Gibson-Mount
<qua...@zimbra.com> wrote:
OpenSSL.org states:

aNULL
    the cipher suites offering no authentication. This is currently the
    anonymous DH algorithms. These cipher suites are vulnerable to a ``man in
    the middle'' attack and so their use is normally discouraged.

However, this cipher suite is enabled by default with postfix for the
smtpd process:

    smtp_tls_mandatory_ciphers = medium
    tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH

Shouldn't it be excluded by default? I got rid of it by adding it to
smtpd_tls_exclude_ciphers

Never mind, I see it's automatically disabled if client certs are requested.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
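
An added example (not part of the message above and not Postfix code): a small audit that reads main.cf-style text and reports whether anonymous suites are excluded for smtpd by either route the message mentions. It assumes smtpd_tls_ask_ccert and smtpd_tls_req_ccert are the settings that request client certificates; the function names and sample configurations are constructed for illustration.

```python
import re

# Cipher list quoted in the message; used when the config does not set one.
QUOTED_MEDIUM = "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"

def parse_main_cf(text):
    """Parse 'name = value' lines. A line that starts with whitespace
    continues the previous parameter; '#' lines and blank lines are skipped."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params

def tokens(value):
    # Split on whitespace, commas and colons, dropping empty items.
    return [t for t in re.split(r"[\s,:]+", value) if t]

def anon_status(params):
    """Return (excluded, reason) for anonymous (aNULL) suites on the smtpd side."""
    if "aNULL" in tokens(params.get("smtpd_tls_exclude_ciphers", "")):
        return True, "smtpd_tls_exclude_ciphers"
    # Per the message: requesting client certs disables anonymous suites.
    for p in ("smtpd_tls_ask_ccert", "smtpd_tls_req_ccert"):
        if params.get(p, "no").lower() == "yes":
            return True, p
    if "!aNULL" in tokens(params.get("tls_medium_cipherlist", QUOTED_MEDIUM)):
        return True, "tls_medium_cipherlist"
    return False, "anonymous suites remain in the cipher list"

# Constructed sample configurations (not taken from a real host).
AS_POSTED = ("smtpd_tls_mandatory_ciphers = medium\n"
             "tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH\n")
EXCLUDED = AS_POSTED + "smtpd_tls_exclude_ciphers =\n    aNULL, MD5\n"
CLIENT_CERTS = AS_POSTED + "# ask clients for a certificate\nsmtpd_tls_ask_ccert = yes\n"

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("excluded", EXCLUDED),
                       ("client certs", CLIENT_CERTS)):
        print(label, anon_status(parse_main_cf(cfg)))
```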