Disable SEED cipher. - Githubissues

hardware / mailserver

:warning: UNMAINTAINED - Simple and full-featured mail server using Docker

https://store.docker.com/community/images/hardware/mailserver

MIT License

1.29k stars 322 forks source link

Disable SEED cipher. #326

Closed navossoc closed 6 years ago

navossoc commented 6 years ago

Description

Disable SEED cipher, since other large mail providers doesn't accept it either (gmail, hotmail, yahoo).

While the goal is to support a broad range of clients, we reasonably disable a number of ciphers that have little support (such as SEED, CAMELLIA, ...). Source: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29

Type of change

[X] Trivial

Status

[X] Ready

How has this been tested ?

Using https://testssl.sh/ and checking the report:

Weak 128 Bit ciphers (SEED, IDEA, RC[2,4]) not offered (OK)