Hey Guillaumbe, 

Am 2016-10-14 12:16, schrieb Guillaume REMBERT:

> What is missing here is that by default in a "TLS may" aka
> opportunistic configuration, the ciphers used are driven by the
> parameter "smtpd_tls_ciphers", wich is defined by default to medium

Thats right and it is a well discussed decision that the guide isn't
recommending to configure it to a higher cipher-set. 

See Chapter 2.3.2. Recommended configuration:  

accept all cipher suites, as the alternative would be to fall back to
cleartext transmission - an execption to the last sentence is that MTAs
MUST NOT enable SSLv2 protocol support, due to the DROWN attack1
Ach mailing list

Reply via email to