AFAIK, completely disabling ChaCha20 in TLS 1.3 makes your server non-compliant 
with the spec, since it’s a mandatory cipher. You can, however, deprioritize it 
in favor of AES-GCM. I also see little reason to disable ChaCha20 at all, since 
it’s strong, efficient, and often faster on mobile devices without AES 
acceleration.

Best,

Ömer

> On 20.08.2025 at 15:12, Avram-Teodor Berindeie via Postfix-users 
> <postfix-users@postfix.org> wrote:
> 
> 
> Hello, I would like to know if in Postfix 3.10.x there is a possibility to 
> disable a cipher for example TLS_CHACHA20_POLY1305_SHA256 in the same way as 
> in:
> 1. Apache
> SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:!TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
> 2. Dovecot
> ssl_cipher_suites = TLS_AES_256_GCM_SHA384:!TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
> 
> Thank you!
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
