On Fri, Nov 08, 2013 at 12:27:13AM +0100, li...@rhsoft.net wrote:
> > If you MUST muck around with raw OpenSSL cipherlists, the underlying
> >
> > tls_<grade>_cipherlist
> >
> > parameters are present and documented, along with appropriate
> > warnings to not go there.
> >
> > Note that Postfix will still apply implicit and configured exclusions
> > to these based on context (!aNULL when verifying peer certificates)
READ THE ABOVE "Note" carefully. The exclusions are applied on
top of the cipher grade at run time. They don't modify the underlying
cipher list that defines the base ciphers for the grade.
> that does not work with "smtpd_tls_security_level = may" and
> "smtpd_tls_security_level = encrypt"
Pilot error.
--
Viktor.
