You've likely all been hearing that RC4 is on its way out, with increasingly practical attacks to extract fixed plaintext that is sent repeatedly in lots of messages (e.g. HTTP cookies).
While it is not clear how to extend these attacks to MTA-to-MTA SMTP (except when SASL PLAIN auth is used), there is some merit in trying to phase out support for RC4. Before that's done however, I would like to have some evidence that the need for RC4 is diminishing. Therefore, I'd like to ask the list whether you're seeing declining use of RC4 in your TLS connections (inbound or outbound). Are there over time fewer servers that don't support AES? How long do you think you'll continue to need RC4? The reason I ask, is that I'm lately also a member of the OpenSSL development team, and they (we) are considering reclassifying RC4 as "LOW" rather than "MEDIUM" in the upcoming OpenSSL 1.1.0 release (towards the end of this year). That release is likely to appear in new "distros" some time next year, and Postfix built against that version of OpenSSL might no longer support RC4 by default. If RC4 is still needed to interoperate with the long tail of Exchage 2003 and similar SMTP servers, I can accept that proposed change, and make changes in the Postfix cipherlists to accomodate RC4 as a last resort (because it is still needed). Or I can argue against the reclassification of RC4 to LOW and say that the right change is just to drop it from the "DEFAULT" cipherlist. Or perhaps it will soon enough not be needed at all? So, if you have any data on long-term trends in RC4 use, especially from a site with a high volume of traffic (1 million messages per day or more), please post your findings. Is RC4 disappearing from SMTP TLS, or continuing to be used by laggards resistant to change? -- Viktor.