Re: ssl_cipher_list

2015-02-07 Thread Tamsy
LuKreme wrote on 08.02.2015 12:11:
> How do I get a list of the possible ciphers that are installed on the system for use in ssl_cipher_list?

Verbose listing of all OpenSSL ciphers including NULL ciphers:

openssl ciphers -v 'ALL:eNULL'

See also: https://www.openssl.org/docs/apps/ciphers.htm

ssl_cipher_list

2015-02-07 Thread LuKreme
How do I get a list of the possible ciphers that are installed on the system for use in ssl_cipher_list?

--
They all have husbands and wives and children and houses and dogs, and you know, they've all made themselves a part of something and they can talk about what they do. What am I gonna say?

Re: TLS config check

2015-02-07 Thread Robert Schetterer
On 07.02.2015 at 11:05, SW wrote:
>
>> Short: See my last answer - secure is never a black or white decision.
>> The chosen cypher will protect your traffic and it's better than plain
>> text.
>>
>> Long: The client negotiates the supported ciphers with the server and
>> chooses one that fits for

Re: TLS config check

2015-02-07 Thread SW
Short: See my last answer - secure is never a black or white decision. The chosen cypher will protect your traffic and it's better than plain text. Long: The client negotiates the supported ciphers with the server and chooses one that fits for him. I *guess* that k9/android simply does not suppo

Re: TLS config check

2015-02-07 Thread Oliver Welter
On 07.02.2015 at 10:10, SW wrote:
> I've just done a test with K9 mail on Android 4.4.2 and this is what I
> see in the log:
>
> ECDHE-ECDSA-AES128-SHA (128/128 bits)
>
> But when using Thunderbird I see:
>
> ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
>
> I'm happy that Thunderbird is using

Re: TLS config check

2015-02-07 Thread SW
I've just done a test with K9 mail on Android 4.4.2 and this is what I see in the log: ECDHE-ECDSA-AES128-SHA (128/128 bits) But when using Thunderbird I see: ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits) I'm happy that Thunderbird is using a secure cipher but is Android? Is ECDHE-ECDSA-AES12

Re: TLS config check

2015-02-07 Thread SW
Is this an improvement (or more secure) despite going from 256bits to 128bits? yes it is because AES-GCM is currently the best cipher suite while there is no point for AES256, if AES128 will fall then it likely affects AES256 too and according to Bruce Schneier years ago AES128 has even less prob

Re: TLS config check

2015-02-07 Thread Oliver Welter
On 07.02.2015 at 04:47, Reindl Harald wrote:
>
> On 06.02.2015 at 23:13, SW wrote:
>> According to https://cipherli.st/
>>> ssl = yes
>>> ssl_cert =
>> ssl_key =
>> ssl_protocols = !SSLv2 !SSLv3
>>> ssl_cipher_list = AES128+EECDH:AES128+EDH
>>> ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6