Displaying 3 results from an estimated 3 matches for "brcue".
Did you mean:
blue
2015 Feb 06
2
TLS config check
According to https://cipherli.st/
> ssl = yes
> ssl_cert = </etc/dovecot.cert
> ssl_key = </etc/dovecot.key
> ssl_protocols = !SSLv2 !SSLv3
> ssl_cipher_list = AES128+EECDH:AES128+EDH
> ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6
> Is what you want.
Ok, so I have changed my ssl_cipher_list to: ssl_cipher_list =
AES128+EECDH:AES128+EDH
Before I made this change
2015 Feb 07
3
TLS config check
...its)
>>
>> Is this an improvement (or more secure) despite going from 256bits to
>> 128bits?
>
> yes it is because AES-GCM is currently the best cipher suite while there
> is no point for AES256, if AES128 will fall then it likely affects
> AES256 too and according to Brcue Schneier years ago AES128 has even
> less problems then AES256 (too lazy for google it again)
>
Well, I am working in the crypto field and was a bit astonished about
this "rant" - so a quick search brought up
https://www.schneier.com/blog/archives/2009/07/another_new_aes.html -
for...
2015 Feb 07
0
TLS config check
...A-AES128-GCM-SHA256 (128/128 bits)
>
> Is this an improvement (or more secure) despite going from 256bits to
> 128bits?
yes it is because AES-GCM is currently the best cipher suite while there
is no point for AES256, if AES128 will fall then it likely affects
AES256 too and according to Brcue Schneier years ago AES128 has even
less problems then AES256 (too lazy for google it again)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org...