Add TLS server cipher preference support to hMailServer 5.6.x

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Post Reply
User avatar
RvdH
Senior user
Senior user
Posts: 1506
Joined: 2008-06-27 14:42
Location: Netherlands

Add TLS server cipher preference support to hMailServer 5.6.x

Post by RvdH » 2021-05-11 15:36

I am testing out this pull request made by SvenKiljan on github

The first part of this pull request makes sense, eg: let the server decide what ciphers it prefers and not the client, which is a requirement for some SMTP security test like the one on: https://en.internet.nl/test-mail/
The second part i am not sure about, i have been running it for a about a week now, monitoring all TLS ciphers used and cannot say i have seen any client requesting ChaCha20-Poly1305 cipher to be used, supposed to let mobile devices benefit for using a lightweight TLS 1.2/1.3 cipher over the more robust and more heavy AES based ciphers
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
mattg
Moderator
Moderator
Posts: 21533
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Add TLS server cipher preference support to hMailServer 5.6.x

Post by mattg » 2021-05-12 02:30

I'd not heard of that cipher until that github discussion this last week
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply