On Thu, Aug 21, 2025 at 10:35 AM Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote:
> On Thu, Aug 21, 2025 at 10:22:04AM +0300, Avram-Teodor Berindeie via > Postfix-users wrote: > > > Apache and Dovecot offer an option to disable it, that's why I asked. > > For now, if there is no parameter, it remains as is without the suggested > > changes in main.cf. > > Thank you! > > I am not entirely sure what you're trying to say above, but should > clarify that with solid support in Postfix to use a custom "openssl.cnf" > file and/or set a custom application name (perhaps even different names > for different master.cf services) it doesn't really make sense to keep > adding Postfix parameters to mirror every new OpenSSL feature. > > In particular, the new OpenSSL 3.5+ key exchange "Group" configuration > syntax, TLS 1.3 bulk ciphers and custom signature algorithm lists are > best handled via the OpenSSL configuration file. > > On the other hand, certificate chain configuration and TLS 1.2 ciphers > are better handled via the existing Postfix parameters. > > -- > Viktor. 🇺🇦 Слава Україні! > _______________________________________________ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org OK! I'll think about it and when I have time I'll test it on the test server. Thanks again!
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
