Victor Duchovni:
> On Sun, Jan 16, 2011 at 04:32:29PM -0500, Wietse Venema wrote:
>
> > I have uploaded postfix-2.8.0-RC1, which contains the same code as
> > postfix-2.9-20110116, except for the bits that were marked as
> > "snapshot only".
> >
> > Currently, this means that "smtpd_tls_eecdh_grade = strong" in
> > snapshot versus "none" in stable, and that the BCC action in
> > access(5) tables exists only in the snapshot release.
>
> I've been running with "smtpd_tls_eecdh_grade = strong" with Postfix
> 2.7 for a while now. No problems to report. Approximately 24,000 EECDH
> sessions a week. Of these approximately 75% use AECDH-AES256-SHA, and ~25%
> use ECDHE-RSA-AES256-SHA.
>
> Perhaps with 2.9 we can finally "mainstream" server-side eecdh support.
Assuming that these aren't all Postfix-to-Postfix sessions, that would
mean EECDH is burned in by now.
Wietse
