ml at ruggedinbox.com writes:
> Our smtp server is postfix, can you please suggest a better
> 'ssl_protocols' and 'ssl_cipher_list' configuration ?
> We are running Debian 7 Wheezy
A useful command to know is "openssl ciphers" run on the server that
will
tell you the ciphers available given a protocol and cipher list spec.
If it comes out to empty, your client won't be able to negotiate any
SSL sessions, and you'll have include more ciphers. For example,
TLSv1 protocol minus any low-grade encryption or SSLv2 ciphers:
$ openssl ciphers -tlsv1 'ALL:\!LOW:\!SSLv2'
ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EXP-ADH-DES-CBC-SHA:ADH-RC4-MD5:EXP-ADH-RC4-MD5:EDH-RSA-DES-CBC3-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EXP-EDH-DSS-DES-CBC-SHA:DES-CBC3-SHA:EXP-DES-CBC-SHA:IDEA-CBC-SHA:EXP-RC2-CBC-MD5:RC4-SHA:RC4-MD5:EXP-RC4-MD5
Joseph Tam <jtam.home at gmail.com>