On Tue, Oct 04, 2011 at 10:00:40PM -0400, Wietse Venema wrote: > mephistophe...@operamail.com: > > smtpd_tls_ciphers = RSA > > As documented, smtpd_tls_ciphers specifies a cipher GRADE > not a cipher NAME. > > TLS_README suggests that the grades are export and high.
Well the full list of grades is: null - encryption-less grades for authenticated loopback traffic export - 90's style export weak keys or stronger low - Legacy single-DES keys or stronger medium - 128-bit RC4 or stronger high - 128-bit AES or stronger Opportunistic TLS defaults to "export", while mandatory TLS defaults to medium. If you are tuning the defaults, you're probably working too hard. The defaults were chosen carefully, and in most casses changes are unwise. -- Viktor.