[Ach] BetterCrypto guide - POSTFIX configuration mistake / missing parameter
gunnar at haslinger.biz
Fri Oct 14 12:26:47 CEST 2016
Am 2016-10-14 12:16, schrieb Guillaume REMBERT:
> What is missing here is that by default in a "TLS may" aka
> opportunistic configuration, the ciphers used are driven by the
> parameter "smtpd_tls_ciphers", wich is defined by default to medium
Thats right and it is a well discussed decision that the guide isn't
recommending to configure it to a higher cipher-set.
See Chapter 2.3.2. Recommended configuration:
accept all cipher suites, as the alternative would be to fall back to
cleartext transmission - an execption to the last sentence is that MTAs
MUST NOT enable SSLv2 protocol support, due to the DROWN attack1
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ach