I know this has been asked before. I even created a ticket about this, but got no answer than 'it is what it is'. But let's try it again now more than a year has passed. Has anyone an updated cipherlist that works allright?
This is the (standard)list I user on the SMTP interface:
EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4
At least I would disable some weak ciphers. Because when I validate this list the first hit I get is:
At least one of your mail servers supports one or more ciphers that have a phase out status, because they are known to be fragile and are at risk of becoming insufficiently secure.
|Mail server (MX)||First found affected cipher||Status|