Dear Daniel,

dear Matthias,

thank you both for your very valuable Postings!

I really appreciate it!

Actually I worked through the cipher list you sent, using it now in our production environment. MD5 is disabled, because we don’t have Windows Mobile at the moment.

Hopefully you EDH and EECDH patch will make it into upstream, then I will rework the cipher list once again :)

Best regards

Andreas

Am 11.03.2014 um 15:41 schrieb Matthias Hunstock <matthias.hunstock@tu-ilmenau.de>:

Am 11.03.2014 15:35, schrieb Daniel Kahn Gillmor:
Also note that we reenabled MD5-based ciphers because users with Windows
Mobile based phones couldn't establish secure connections.

interesting. is there published documentation of this limitation of
Windows Mobile?

Didn't find anything back then (January I think), we solved it by
capturing the handshake with tcpdump and looking at the ciphers offered
by the client (phone). The strongest cipher was something like
RSA-AES128-MD5, all of them were using MD5.

Regards
Matthias

______________________________________________
Perdition-users mailing list
Perdition-users@vergenet.net
http://lists.vergenet.net/listinfo/perdition-users