Am 08.03.2014 01:11, schrieb Glenn English: >> Secure Renegotiation IS supported >> Compression: zlib compression >> Expansion: zlib compression
let me guess: BSD as operating system there where a lot of posts recently that this is a problem honestly you should always disable compression in con text of TLS http://www.postfix.org/TLS_README.html LEGACY_SERVER_CONNECT See SSL_CTX_set_options(3). NO_TICKET See SSL_CTX_set_options(3). NO_COMPRESSION Disable SSL compression even if supported by the OpenSSL library. Compression is CPU-intensive, and compression before encryption does not always improve security. Example: /etc/postfix/main.cf: tls_ssl_options = no_ticket, no_compression You should only enable features via the hexadecimal mask when the need to control the feature is critical (to deal with a new vulnerability or a serious interoperability problem). Postfix DOES NOT promise backwards compatible behavior with respect to the mask bits. A feature enabled via the mask in one release may be enabled by other means in a later release, and the mask bit will then be ignored. Therefore, use of the hexadecimal mask is only a temporary measure until a new Postfix or OpenSSL release provides a better solution.