whiteout-io / mail

[ABANDONED] Mail App with integrated OpenPGP encryption
https://whiteout.io
MIT License

PFS cipher support? #386

Closed moparisthebest closed 9 years ago

moparisthebest commented 9 years ago

I run my own mail server, and for both IMAP and SMTP support I have only these ciphers allowed:

ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA

Whiteout cannot connect to either service because they don't have any ciphers in common. If I drop down the ciphers to something like:

HIGH:+TLSv1:!SSLv2

Then it can connect, and postfix says it's connecting with: TLSv1.1 with cipher AES256-SHA (256/256 bits) while my other clients connect with: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)

Is this a configuration issue that can be fixed with whiteout? Or is it a limitation of forge?

felixhammerl commented 9 years ago

Try the Chrome app instead of the web app; it uses native TLS. For the web app, and STARTTLS on iOS/Android, we need to fall back to forge, which has only these cipher suites: https://github.com/digitalbazaar/forge/issues/217. If this is implemented in forge, we'll include it here.
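
The mismatch discussed in this thread can be reproduced offline by classifying OpenSSL-style suite names by key exchange and intersecting the server list with the client offer. This is an added example, not code from whiteout or forge; the client offer and the relaxed server list are assumptions (only `AES256-SHA` and the strict server list come from the issue), and `keyExchange`, `hasForwardSecrecy` and `audit` are hypothetical helper names.

```javascript
// Server cipher list copied from the issue (forward-secret suites only).
const SERVER_PFS_ONLY =
  'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:' +
  'ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:' +
  'DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA';

// Assumption: the client offers only static-RSA suites. AES256-SHA is the
// suite Postfix logged in the issue; AES128-SHA is added for illustration.
const CLIENT_OFFER = ['AES256-SHA', 'AES128-SHA'];

// Constructed: the strict list plus the non-PFS suite a relaxed config admits.
const SERVER_RELAXED = SERVER_PFS_ONLY + ':AES256-SHA';

// OpenSSL names lead with the key exchange; no prefix means static RSA.
// Scope: RSA-authenticated families only (PSK, SRP, anonymous not handled).
function keyExchange(suite) {
  if (/^TLS_/.test(suite)) return 'TLS1.3'; // TLS 1.3 is always ephemeral
  if (/^ECDHE-/.test(suite)) return 'ECDHE';
  if (/^(DHE|EDH)-/.test(suite)) return 'DHE';
  if (/^(ECDH|DH)-/.test(suite)) return 'static-DH';
  return 'RSA';
}

function hasForwardSecrecy(suite) {
  return ['ECDHE', 'DHE', 'TLS1.3'].includes(keyExchange(suite));
}

// Compare a colon-separated server list with the suites a client offers.
function audit(serverList, clientOffer) {
  const server = serverList.split(':').filter(Boolean);
  const shared = server.filter((s) => clientOffer.includes(s));
  return {
    serverAllPfs: server.every(hasForwardSecrecy),
    clientPfs: clientOffer.filter(hasForwardSecrecy),
    shared,
    handshakePossible: shared.length > 0,
    sharedPfs: shared.filter(hasForwardSecrecy),
  };
}

console.log('strict :', audit(SERVER_PFS_ONLY, CLIENT_OFFER));
console.log('relaxed:', audit(SERVER_RELAXED, CLIENT_OFFER));
```

With the strict list there is no shared suite, so the handshake fails; with the relaxed list the only shared suite is `AES256-SHA`, which has no forward secrecy.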