RFC2595 says that TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is REQUIRED when configuring TLS for IMAP, POP & AMAP.
All other cipher suites are OPTIONAL. RFC4616 replaced section 6 of RFC2595, with updated info for SASL. RFC3207 obsoleted RFC247, and covers both TCP/25 and the submission port (RFC2476). It doesn't specify any REQUIRED cipher suites, like RFC2595 does for IMAP/POP/AMAP. I'm sure I'm missing out on some info, but basically I'm trying to figure out the min/max & recommended cipher suite settings for POP/IMAP, as well as for STARTTLS TCP/25 & TCP/587 without breaking RFCs, "best practices", or cryptographers ability to sleep well. BR, Per Thorsheim
