On Wed, Jan 11, 2012 at 06:14:35PM +0000, Viktor Dukhovni wrote: > On Wed, Jan 11, 2012 at 07:08:30PM +0100, Dennis Guhl wrote: > > On Wed, Jan 11, 2012 at 04:15:17PM +0100, Stefan wrote: > > > Hello list, > > > > > mail.example.com[aaa.bbb.ccc.ddd]:25: TLSv1 with cipher > > > ADH-CAMELLIA256-SHA > > > > This is an anonymous cipher. With
[..] > > you can disable the useage of anonymous ciphers. > > Can, but SHOULD NOT. There is no need to restrict the cipher selection in > this way > or to waste CPU and bandwidth exchanging ignored certificates. I deliberately said nothing about smtp_tls_security_level = may or why it will be senseless to ask for a certificate to verify in this case. Dennis