Hey Guillaumbe,
Am 2016-10-14 12:16, schrieb Guillaume REMBERT:
> What is missing here is that by default in a "TLS may" aka
> opportunistic configuration, the ciphers used are driven by the
> parameter "smtpd_tls_ciphers", wich is defined by default to medium
Thats right and it is a well discussed decision that the guide isn't
recommending to configure it to a higher cipher-set.
See Chapter 2.3.2. Recommended configuration:
accept all cipher suites, as the alternative would be to fall back to
cleartext transmission - an execption to the last sentence is that MTAs
MUST NOT enable SSLv2 protocol support, due to the DROWN attack1
_______________________________________________
Ach mailing list
[email protected]
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
