SEMI-OT: Prohibiting RC4 Cipher Suites
Viktor Dukhovni
ietf-dane at dukhovni.org
Fri Feb 20 20:03:04 CET 2015

On Fri, Feb 20, 2015 at 07:54:01PM +0100, Patrick Ben Koetter wrote:

> We've been running large (ISP) sites without RC4 and aNull for more than a
> year without any trouble. Personally I wouldn't hesitate to disable both.
> YMMV.

I also think that disabling anonymous Diffie-Hellman on SMTP servers
is not a good idea or is at least pointless.

http://www.ietf.org/mail-archive/web/uta/current/msg01029.html

SMTP clients should IMHO only drop anonymous ciphersuites from
their TLS cipherlist if they are planning to do *something* with
the certificate.

--
Viktor.