On 15.08.2017 18:27, Viktor Dukhovni wrote: > Don't forget to add: > -o smtpd_tls_ask_ccert=yes > -o smtpd_tls_fingerprint_digest=sha256
Quite so, I had trimmed down my example configuration snippet too much. Interestingly, http://www.postfix.org/postconf.5.html#smtpd_tls_fingerprint_digest does not appear to mention SHA256 as a possible option? I'm still using SHA1, because I thought this was, as of 2017-08, the best algorithm available for smtpd_tls_fingerprint_digest. -Ralph
