On Fri, Mar 11, 2016 at 10:27:17AM -0500, John A @ KLaM wrote:
> As a result of following various - how tos, warnings, notices etc., I
> currentky exclude from both smtp & smtpd
>
> aNULL, DES, 3DES, MD5, RC2. RC4,
> RC5, IDEA, SRP, PSK, aDDS, kECDhe,
> kECDhr, kDHd, kDHr, SEED, IDEA, LOW, EXPORT
>
> Is this list reasonable and/or accurate.
I do not recommend exclusion of aNULL.
Exclusion of 3DES and RC5 is your call, no particularly strong
reason to drop or keep. So wait I'd generally wait for OpenSSL to
drop them instead.
With 3DES there are likely still some systems that don't have AES,
and 3DES is their best cipher other than RC4, so if you exclude
both, you don't interoperate. However, by now such systems are
fairly rare. I'd keep 3DES for now.
Your neighbouring Doctor of Dental Surgery (DDS) does not wish to
be discriminated against. Try "aDSS" (Digital Signature System)
instead.
--
Viktor.
