20 Feb
2015
20 Feb
'15
8:03 p.m.
On Fri, Feb 20, 2015 at 07:54:01PM +0100, Patrick Ben Koetter wrote:
We've been running large (ISP) sites without RC4 and aNull for more than a year without any trouble. Personally I wouldn't hesitate to disable both. YMMV.
I also think that disabling anonymous Diffie-Hellman on SMTP servers is not a good idea or is at least pointless.
http://www.ietf.org/mail-archive/web/uta/current/msg01029.html
SMTP clients should IMHO only drop anonymous ciphersuites from their TLS cipherlist if they are planning to do *something* with the certificate.
--
Viktor.