pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ECDH support for sendmail

On Wed, Nov 06, 2013 at 02:48:21PM +0100, Fredrik Pettai wrote:
> > The same thing happens with mail clients, and I can see an improvement of
> > PFS usage with ECDH-enabled sendmail. I have not yet identified what clients
> > are impacted, but there are some that did not pick DHE ciphers, but now
> > negociate ECDHE ciphers.
> Thanks for explaining this. Now your patch makes sense :) I was
> also about to comment about your patch too, because I was thinking
> MTA to MTA communication. (You didn't mention that this was mostly
> for MAU to MTA communication.)

Here are numbers for a mix of a hundred of clients using 
authenticated SMTP over TLS:

             Before  After  Notes
PFS             36%    97%  Almost all DHE capable clients switched to ECDHE
128 bit keys    63%     1%
168 bit keys     1%     2%  This is triple DES. 
256 bit keys    36%    97%  Remaining switched to 3DES at 168 bit length

Emmanuel Dreyfus

Home | Main Index | Thread Index | Old Index