I noticed that there is a new setting for TLS 1.3 on the SMTP interface 'SSL cipher suite (TLS1.3). The hover text points to the OpenSSL documentation. The documentation of SMG does not tell me anything about this setting, so I think it did not reach the dcoumentation yet.
The OpenSSL documentation tells me the following ciphersuites are available:
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_GCM_SHA256
- TLS_AES_128_CCM_8_SHA256
- TLS_AES_128_CCM_SHA256
The first question I have is: when I decide to use a cipher suite do I enter the text exactly as the OpenSSL documentation tells me? E.g. 'TLS_AES_256_GCM_SHA384?
And, if a cipher suite is chosen. Does that exclude the other cipher suites from being used? Or is it just a preference? Or is it possible to exclude suites with the ! sign?
In my smtp logs I see that several of the suites are randomly used: TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384
What is the effect of using a cipher suite for TLS 1.3 for the TLS 1.2 settings? (None, I hope).