Re: TLS config check

2015-02-07 Thread Robert Schetterer
On 07.02.2015 at 11:05, SW wrote:
>
>> Short: See my last answer - secure is never a black or white decision.
>> The chosen cypher will protect your traffic and it's better than plain
>> text.
>>
>> Long: The client negotiates the supported ciphers with the server and
>> chooses one that fits for

Re: TLS config check

2015-02-07 Thread SW
Short: See my last answer - secure is never a black or white decision. The chosen cypher will protect your traffic and it's better than plain text.

Long: The client negotiates the supported ciphers with the server and chooses one that fits for him. I *guess* that k9/android simply does not suppo

Re: TLS config check

2015-02-07 Thread Oliver Welter
On 07.02.2015 at 10:10, SW wrote:
> I've just done a test with K9 mail on Android 4.4.2 and this is what I
> see in the log:
>
> ECDHE-ECDSA-AES128-SHA (128/128 bits)
>
> But when using Thunderbird I see:
>
> ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
>
> I'm happy that Thunderbird is using

Re: TLS config check

2015-02-07 Thread SW
I've just done a test with K9 mail on Android 4.4.2 and this is what I see in the log:

ECDHE-ECDSA-AES128-SHA (128/128 bits)

But when using Thunderbird I see:

ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)

I'm happy that Thunderbird is using a secure cipher but is Android? Is ECDHE-ECDSA-AES12

Re: TLS config check

2015-02-07 Thread SW
Is this an improvement (or more secure) despite going from 256bits to 128bits?

yes it is because AES-GCM is currently the best cipher suite while there is no point for AES256, if AES128 will fall then it likely affects AES256 too and according to Bruce Schneier years ago AES128 has even less prob

Re: TLS config check

2015-02-07 Thread Oliver Welter
On 07.02.2015 at 04:47, Reindl Harald wrote:
>
> On 06.02.2015 at 23:13, SW wrote:
>> According to https://cipherli.st/
>>> ssl = yes
>>> ssl_cert =
>> ssl_key =
>> ssl_protocols = !SSLv2 !SSLv3
>>> ssl_cipher_list = AES128+EECDH:AES128+EDH
>>> ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6

Re: TLS config check

2015-02-06 Thread Reindl Harald
On 06.02.2015 at 23:13, SW wrote:

According to https://cipherli.st/ ssl = yes ssl_cert = Dovecot 2.2.6 Is what you want.

Ok, so I have changed my ssl_cipher_list to:

ssl_cipher_list = AES128+EECDH:AES128+EDH

Before I made this change clients were connecting with the following cipher in th

Re: TLS config check

2015-02-06 Thread SW
According to https://cipherli.st/ ssl = yes ssl_cert = Dovecot 2.2.6 Is what you want.

Ok, so I have changed my ssl_cipher_list to:

ssl_cipher_list = AES128+EECDH:AES128+EDH

Before I made this change clients were connecting with the following cipher in the log file:

ECDHE-ECDSA-AES256-SH

Re: TLS config check

2015-02-06 Thread Rick Romero
Quoting SW:

Hi All

First the essentials:

dovecot --version: 2.2.15

/usr/local/etc/dovecot/conf.d/10-ssl.conf:

ssl = required
ssl_cert = HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-RSA-AES256-SHA:+

TLS config check

2015-02-06 Thread SW
Hi All

First the essentials:

dovecot --version: 2.2.15

/usr/local/etc/dovecot/conf.d/10-ssl.conf:

ssl = required
ssl_cert =
ssl_key =
ssl_cipher_list = HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-