[Ach] BetterCrypto guide - POSTFIX configuration mistake / missing parameter

Gunnar Haslinger gunnar at haslinger.biz
Fri Oct 14 12:26:47 CEST 2016

Hey Guillaumbe, 

Am 2016-10-14 12:16, schrieb Guillaume REMBERT:

> What is missing here is that by default in a "TLS may" aka
> opportunistic configuration, the ciphers used are driven by the
> parameter "smtpd_tls_ciphers", wich is defined by default to medium

Thats right and it is a well discussed decision that the guide isn't
recommending to configure it to a higher cipher-set. 

See Chapter 2.3.2. Recommended configuration:  

accept all cipher suites, as the alternative would be to fall back to
cleartext transmission - an execption to the last sentence is that MTAs
MUST NOT enable SSLv2 protocol support, due to the DROWN attack1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20161014/26a87693/attachment.html>

More information about the Ach mailing list