There is a recommendation for setting up Apache / nginx, but what about services such as SMTP, IMAP or FTP? They are not affected by BEAST if I understand correctly, so what would an optimal cipher list look like?
Generally speaking, you can use the same configuration. If it's safe for HTTP, it's going to be safe for other protocols too.
The fact that non-HTTP servers cannot be attacked via BEAST can be taken into account when configuring the suites. For example, you can disable RC4 if you don't like it and you don't need it for interoperability.
And what about adding HIGH? Can you tell me why it is not recommended in the blog post you linked to? It was my understanding that it was because of BEAST.
I don't use HIGH because it adds a bunch of suites, some of which are not necessarily secure, and also in an order of preference I am not happy with. The way I build suites is more granular: I add what I want at exactly the position I want it at.
Any hint, besides RC4, on what else is secure if the client doesn't support PFS suites?
There's a list of suites in the blog post; that's what you're asking me.
Right, but the list covers PFS ciphers followed by RC4 as the only fallback. If mail clients (K9 for Android for example) don't support DH ciphers, the only supported cipher is RC4, which isn't very safe. I was wondering if there are other alternatives that one can use if DH ciphers are not supported and which are stronger than RC4. I was thinking about AES suites, for example.
I am sorry, I didn't realise user agents who did not support DHE nor ECDHE existed.
RSA+AES suites should be fine, if nothing else is available. Get a list with:
$ openssl ciphers -V 'RSA+AES'
Tested with stock OpenSSL 1.0.1f.
Thanks! One last question: If I place RSA+AES before RC4, AES ciphers would of course come before ECDH-RSA-RC4-SHA and ECDH-ECDSA-RC4-SHA. If I understand correctly, ECDH ciphers should always be preferred, or is this not true? If yes, what would the cipher list have to look like? Maybe...
EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA256 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EDH+aRSA EECDH RSA+AES RC4-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS
Edit: Actually, never mind. I can remove RC4 altogether and use only AES as fallback, as it should be supported by everything.
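The ordering and fallback questions above can be checked mechanically against the output of `openssl ciphers -V`. The following is an added example (not part of the thread, and not the blog's code): it parses that line format and reports which suites lack forward secrecy but sit ahead of PFS suites, which suites use algorithms the cipher string above excludes (RC4, 3DES, MD5), and which suite a client without DHE/ECDHE would end up with. The sample lines are constructed to imitate OpenSSL 1.0.1 output and deliberately include a static ECDH-RSA-RC4-SHA suite ahead of the AES fallback.

```python
import re
from typing import NamedTuple

# Constructed sample in the `openssl ciphers -V` line format (hex id, name, protocol,
# Kx=, Au=, Enc=, Mac=). Order chosen so that RC4 and a static-ECDH suite sit among
# the preferred suites, which is the situation discussed in the thread.
SAMPLE = """\
0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
0xC0,0x0C - ECDH-RSA-RC4-SHA        SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128)  Mac=SHA1
0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
0x00,0x2F - AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
0x00,0x05 - RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
"""

LINE = re.compile(r"^0x([0-9A-F]{2}),0x([0-9A-F]{2})\s+-\s+(\S+)\s+(\S+)\s+"
                  r"Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)")

class Suite(NamedTuple):
    code: int; name: str; proto: str; kx: str; au: str; enc: str; mac: str

def parse_ciphers(text: str) -> list:
    """Parse `openssl ciphers -V` output into Suite records, in preference order."""
    suites = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            hi, lo, name, proto, kx, au, enc, mac = m.groups()
            suites.append(Suite((int(hi, 16) << 8) | int(lo, 16), name, proto, kx, au, enc, mac))
    return suites

def is_pfs(s: Suite) -> bool:
    # Ephemeral key exchange prints as Kx=DH or Kx=ECDH; static ECDH prints Kx=ECDH/RSA or ECDH/ECDSA.
    return s.kx in ("DH", "ECDH")

def is_weak(s: Suite) -> bool:
    # Algorithms the thread's cipher string excludes via !3DES !MD5 !EXP !eNULL, plus RC4.
    return s.enc.startswith(("RC4", "3DES", "None")) or s.mac == "MD5" or "EXP" in s.name

def audit(text: str) -> dict:
    """Summarise ordering, weak-algorithm and fallback properties of a cipher list."""
    suites = parse_ciphers(text)
    weak = [s.name for s in suites if is_weak(s)]
    # Non-PFS suites placed ahead of a later PFS suite: with server-side preference they
    # would be chosen over forward-secret suites for clients that support both.
    last_pfs = max((i for i, s in enumerate(suites) if is_pfs(s)), default=-1)
    misordered = [s.name for i, s in enumerate(suites) if i < last_pfs and not is_pfs(s)]
    # The suite a client without DHE/ECDHE support would negotiate: the first non-PFS entry.
    fallback = next((s.name for s in suites if not is_pfs(s)), None)
    return {"count": len(suites), "weak": weak, "misordered": misordered, "fallback": fallback}
```

Replacing `SAMPLE` with the real output of `openssl ciphers -V '<your string>'` audits an actual configuration; with the thread's final choice (AES-only fallback, no RC4) `weak` and `misordered` should both come back empty.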
Would it be possible to run the SSL test against other (non-HTTPS) services as well? E.g. SSL-enabled IMAP or Jabber servers.
STARTTLS would complicate things of course, as this is protocol-specific.
Not at the moment, but the feature will be added... eventually.