On 07.02.2015 at 10:10, SW wrote:
> I've just done a test with K9 mail on Android 4.4.2 and this is what I
> see in the log:
>
> ECDHE-ECDSA-AES128-SHA (128/128 bits)
>
> But when using Thunderbird I see:
>
> ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
>
> I'm happy that Thunderbird is using a secure cipher but is Android? Is
> ECDHE-ECDSA-AES128-SHA ok/secure?

Short: See my last answer - secure is never a black or white decision.
The chosen cypher will protect your traffic and it's better than plain text.

Long: The client negotiates the supported ciphers with the server and
chooses one that fits for him. I *guess* that k9/Android simply does not
support the GCM cipher and therefore uses another one. To get the "best"
result you need to list up all supported ciphers of your client and
server and choose one, but be warned that if you ask two analysts, you
might not get the same answer which is "best" as this depends on the
kind of threats you want to take care of

Oliver

--
Protect your environment - close windows and adopt a penguin!
> Short: See my last answer - secure is never a black or white decision.
> The chosen cypher will protect your traffic and it's better than plain text.
>
> Long: The client negotiates the supported ciphers with the server and
> chooses one that fits for him. I *guess* that k9/Android simply does not
> support the GCM cipher and therefore uses another one. To get the "best"
> result you need to list up all supported ciphers of your client and
> server and choose one, but be warned that if you ask two analysts, you
> might not get the same answer which is "best" as this depends on the
> kind of threats you want to take care of
>
>
> Oliver
>

Thanks Oliver.

I had a look at:

https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=4.4.2

And Android 4.4.2 does support:

ECDHE-ECDSA-AES128-GCM-SHA256

So why then does K9 not connect using GCM? Could K9 mail not support
this cipher? If Android supports it does this mean that K9 mail will
support it too?

Just trying to figure out WHY I can't get K9 to use GCM!
On 07.02.2015 at 11:05, SW wrote:
>
>> Short: See my last answer - secure is never a black or white decision.
>> The chosen cypher will protect your traffic and it's better than plain
>> text.
>>
>> Long: The client negotiates the supported ciphers with the server and
>> chooses one that fits for him. I *guess* that k9/Android simply does not
>> support the GCM cipher and therefore uses another one. To get the "best"
>> result you need to list up all supported ciphers of your client and
>> server and choose one, but be warned that if you ask two analysts, you
>> might not get the same answer which is "best" as this depends on the
>> kind of threats you want to take care of
>>
>>
>> Oliver
>>
>
> Thanks Oliver.
>
> I had a look at:
>
> https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=4.4.2
>
> And Android 4.4.2 does support:
>
> ECDHE-ECDSA-AES128-GCM-SHA256
>
> So why then does K9 not connect using GCM? Could K9 mail not support
> this cipher? If Android supports it does this mean that K9 mail will
> support it too?

K9 questions should go to https://code.google.com/p/k9mail/issues/list

>
> Just trying to figure out WHY I can't get K9 to use GCM!

Best Regards
Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
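
Added example, not part of the original thread and not code from K9 or Dovecot: a small model of how a suite is selected from a client offer and a server list, and what separates the two suite names seen in the log. All cipher lists are constructed for illustration; `describe` and `negotiate` are hypothetical helper names, and the TLS 1.0/1.1 case relies only on the general fact that GCM suites are defined for TLS 1.2 and later.

```python
"""Model of TLS cipher suite selection (added illustration; all lists are constructed)."""

def describe(suite):
    """Classify an OpenSSL-style suite name such as ECDHE-ECDSA-AES128-GCM-SHA256."""
    parts = suite.split("-")
    aead = any(p in ("GCM", "CCM", "CCM8", "CHACHA20") for p in parts)
    return {
        "forward_secrecy": parts[0] in ("ECDHE", "DHE"),
        "aead": aead,
        # AEAD suites and suites ending in a SHA-2 hash exist only in TLS 1.2+.
        "needs_tls12": aead or parts[-1] in ("SHA256", "SHA384"),
    }

def negotiate(client_offer, server_list, tls12=True, server_preference=True):
    """Return the suite the server selects, or None if nothing is shared.

    tls12=False models a handshake that settled on TLS 1.0/1.1.
    """
    if server_preference:
        first, second = server_list, client_offer
    else:
        first, second = client_offer, server_list
    for suite in first:
        if suite in second and (tls12 or not describe(suite)["needs_tls12"]):
            return suite
    return None

# Constructed lists, not taken from a real K9 or Dovecot configuration.
SERVER = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-SHA"]
CLIENT_WITH_GCM = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-SHA", "AES128-SHA"]
CLIENT_NO_GCM = ["ECDHE-ECDSA-AES128-SHA", "AES128-SHA"]

if __name__ == "__main__":
    cases = [
        ("client offers GCM, TLS 1.2", CLIENT_WITH_GCM, True),
        ("client does not offer GCM", CLIENT_NO_GCM, True),
        ("client offers GCM, TLS 1.0/1.1 only", CLIENT_WITH_GCM, False),
    ]
    for label, offer, tls12 in cases:
        chosen = negotiate(offer, SERVER, tls12=tls12)
        print(f"{label:38} -> {chosen} {describe(chosen)}")
```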