On Thu, Aug 21, 2025 at 10:22:04AM +0300, Avram-Teodor Berindeie via
Postfix-users wrote:
> Apache and Dovecot offer an option to disable it, that's why I asked.
> For now, if there is no parameter, it remains as is without the suggested
> changes in main.cf.
> Thank you!
I am not entirely sure what you're trying to say above, but should
clarify that with solid support in Postfix to use a custom "openssl.cnf"
file and/or set a custom application name (perhaps even different names
for different master.cf services) it doesn't really make sense to keep
adding Postfix parameters to mirror every new OpenSSL feature.
In particular, the new OpenSSL 3.5+ key exchange "Group" configuration
syntax, TLS 1.3 bulk ciphers and custom signature algorithm lists are
best handled via the OpenSSL configuration file.
On the other hand, certificate chain configuration and TLS 1.2 ciphers
are better handled via the existing Postfix parameters.
--
Viktor. 🇺🇦 Слава Україні!
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
