SEMI-OT: Prohibiting RC4 Cipher Suites

Viktor Dukhovni ietf-dane at
Fri Feb 20 20:03:04 CET 2015

On Fri, Feb 20, 2015 at 07:54:01PM +0100, Patrick Ben Koetter wrote:

> We've been running large (ISP) sites without RC4 and aNull for more than a
> year without any trouble. Personally I wouldn't hesitate to disable both.

I also think that disabling anonymous Diffie-Hellman on SMTP servers
is not a good idea or is at least pointless.

SMTP clients should IMHO only drop anonymous ciphersuites from
their TLS cipherlist if they are planning to do *something* with
the certificate.

