explicit cipher list

li...@rhsoft.net Thu, 07 Nov 2013 14:32:48 -0800

Hi

http://www.postfix.org/TLS_README.html#server_tls


am i overlooking something or is it not possible to list explcit
offered ciphers and their order like dovecot/httpd fro smtpd?

i am speaking here about non-MX servers only for submission
what i most appreciate in this way of configuration is
openssl ciphers -v '{cipherlist}' to verify it
_______________________________________________________________

dovecot:

ssl_prefer_server_ciphers = yes
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-SHA:RC4-SHA:!3DES:!ADH:!aNULL:!DES:!DSS:!eNULL:!EXP:!KRB5:!LOW:!MD5:!PSK:!RC2:!SEED:!SRP:!SSLv2
_______________________________________________________________

httpd:

SSLProtocol All -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-SHA:RC4-SHA:!3DES:!ADH:!aNULL:!DES:!DSS:!eNULL:!EXP:!KRB5:!LOW:!MD5:!PSK:!RC2:!SEED:!SRP

explicit cipher list

Reply via email to