> On Mar 13, 2018, at 11:36 AM, LuKreme <krem...@kreme.com> wrote:
> In general, or these specific exclusions?

Mostly in general.  Why do cleartext with clients that can't do strong ciphers,
let them encrypt with their medium ciphers.

> I've had
> smtpd_tls_exclude_ciphers = MD5, SEED, IDEA, RC2, RC4
> For a pretty long time now 

That said, the above are fine to exclude, they are just unnecessary
attack surface, with the exception of "RC4" nobody needs these for
interoperability at this time.  And even "RC4" use is vanishingly


Reply via email to