On Tue, Oct 04, 2011 at 10:00:40PM -0400, Wietse Venema wrote:
> mephistophe...@operamail.com:
> > smtpd_tls_ciphers = RSA
> 
> As documented, smtpd_tls_ciphers specifies a cipher GRADE
> not a cipher NAME.
> 
> TLS_README suggests that the grades are export and high.

Well the full list of grades is:

    null        - encryption-less grades for authenticated loopback traffic
    export      - 90's style export weak keys or stronger
    low         - Legacy single-DES keys or stronger
    medium      - 128-bit RC4 or stronger
    high        - 128-bit AES or stronger

Opportunistic TLS defaults to "export", while mandatory TLS defaults
to medium. If you are tuning the defaults, you're probably working
too hard. The defaults were chosen carefully, and in most cases
changes are unwise.

-- 
        Viktor.
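
A check for the mistake discussed in this thread, added here as an example and not part of the original message or of Postfix: it reads main.cf-style text and reports cipher-grade parameters whose value is not a grade name, or is weaker than the default stated above. The sample configuration is constructed, and the set of parameters checked and the wording of the findings are this example's assumptions.

```python
# Grade names, weakest to strongest, as listed in the message above.
GRADES = ["null", "export", "low", "medium", "high"]

# main.cf parameters that take a cipher grade (server and client side).
GRADE_PARAMS = {"smtpd_tls_ciphers", "smtpd_tls_mandatory_ciphers",
                "smtp_tls_ciphers", "smtp_tls_mandatory_ciphers"}

def default_for(name):
    # Defaults as stated in the message: export (opportunistic), medium (mandatory).
    return "medium" if name.endswith("_mandatory_ciphers") else "export"

def parse_main_cf(text):
    """Return {name: value}. Blank and '#' lines are skipped, a line that
    starts with whitespace continues the previous logical line, and the
    last assignment of a parameter wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def check_grades(text):
    """Return (parameter, value, problem) tuples, sorted by parameter name."""
    findings = []
    for name, value in sorted(parse_main_cf(text).items()):
        if name not in GRADE_PARAMS:
            continue
        if value not in GRADES:  # compared exactly as spelled in the list above
            findings.append((name, value, "not a cipher grade"))
        elif GRADES.index(value) < GRADES.index(default_for(name)):
            findings.append((name, value, "weaker than default " + default_for(name)))
    return findings

# Constructed sample configuration.
SAMPLE = ("# constructed sample main.cf\n"
          "smtpd_tls_ciphers = RSA\n"
          "smtpd_tls_mandatory_ciphers =\n    high\n"
          "smtp_tls_mandatory_ciphers = low\n"
          "smtp_tls_ciphers = medium\n")

if __name__ == "__main__":
    for finding in check_grades(SAMPLE):
        print("%s = %s: %s" % finding)
```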
