On 06/27/2014 03:15 PM, lst_hoe02(a)kwsoft.de wrote:
with the new Chipermail one can set the ciphers used by S/MIME for
signing and encryption in the GUI settings. This lead to the question if
there are any real life experience how many clients are still not
supporting rfc5751 from 2010 and will therefore not be able to
verify/decrypt mail signed with sha-256 or crypted with AES?
Windows up from XP-SP3 and Outlook 2003 are ok, latest Thunderbird also
no Problem. We are especially interested in feedback about other Gateway
Products and Mobile Clients.
I would think that most applications nowadays support SHA256 and AES
128. However, Windows XP does not support AES in Outlook even with SP3.
At least according to this article:
Now since Windows XP is EOL, I personally would suggest to set the
default to AES128 and SHA256. If a client complains, you can override
the settings (i.e., switch back to 3DES) for this particular client.
Unfortunately I do not have any details of support for other gateways.
The only feedback I have had in the past of failed decryption and/or
validation is certificates was on Outlook with XP.
CipherMail email encryption
Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF encryption.