Hey Guillaumbe, 

Am 2016-10-14 12:16, schrieb Guillaume REMBERT:

> What is missing here is that by default in a "TLS may" aka
> opportunistic configuration, the ciphers used are driven by the
> parameter "smtpd_tls_ciphers", wich is defined by default to medium

Thats right and it is a well discussed decision that the guide isn't
recommending to configure it to a higher cipher-set. 

See Chapter 2.3.2. Recommended configuration:  

accept all cipher suites, as the alternative would be to fall back to
cleartext transmission - an execption to the last sentence is that MTAs
MUST NOT enable SSLv2 protocol support, due to the DROWN attack1
_______________________________________________
Ach mailing list
Ach@lists.cert.at
http://lists.cert.at/cgi-bin/mailman/listinfo/ach

Reply via email to