> On 6 Aug 2021, at 2:51 pm, Ilari Liusvaara <[email protected]> wrote:
>
> As note: the DH_anon and ECDH_anon names are a bit misleading: Those
> two are actually ephemeral (but are still rarely a good idea to use)
For what it is worth, anon DH and anon ECDH ciphers are used by default in Postfix when doing unauthenticated opportunistic TLS. Since the server certificate is ignored, we don't bother to solicit one, or offer one if the client does not care.

See also: https://datatracker.ietf.org/doc/html/rfc7672#section-8.2 where I explained that I see security advantages to making transparent the client's non-use of a server certificate.

That said, I've given up fighting potentially counter-productive "raising the floor" rather than "the ceiling" on all fronts, and now try to focus on just the most important cases. Thus I have accepted the fact that sadly no anon (EC)DH ciphers are available with TLS 1.3.

-- 
	Viktor.

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
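The behaviour Viktor describes (Postfix negotiating aNULL suites when it is not going to verify the server, and TLS 1.3 offering none) shows up directly in Postfix's own TLS log lines, which label each handshake "Anonymous", "Untrusted", "Trusted" or "Verified". Below is an added example, not code from Postfix or from anyone on this thread: a small Python parser over constructed log lines in the shape the Postfix smtp(8) client emits at smtp_tls_loglevel >= 1. It classifies each connection by that trust label and by whether the cipher name is an OpenSSL anonymous suite (ADH-/AECDH- prefix), and checks two invariants: an aNULL cipher is always logged as Anonymous, and a TLSv1.3 handshake never is. The timestamps, hostnames and addresses in the sample are made up.

```python
import re
from collections import Counter

# Constructed sample (not real traffic) in the shape of Postfix smtp(8) client
# log lines at smtp_tls_loglevel >= 1.  Hosts, addresses and times are made up;
# the trust labels and the "<proto> with cipher <name>" phrasing follow Postfix.
SAMPLE_LOG = """\
Aug  6 14:51:02 mx postfix/smtp[1234]: Anonymous TLS connection established to mail.example.net[192.0.2.10]:25: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)
Aug  6 14:51:03 mx postfix/smtp[1235]: Untrusted TLS connection established to mail.example.org[192.0.2.11]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Aug  6 14:51:04 mx postfix/smtp[1236]: Verified TLS connection established to mx.example.com[192.0.2.12]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Aug  6 14:51:05 mx postfix/smtp[1237]: Trusted TLS connection established to smtp.example.edu[192.0.2.13]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  6 14:51:06 mx postfix/smtp[1238]: Untrusted TLS connection established to relay.example.io[192.0.2.14]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
"""

TLS_LINE = re.compile(
    r"(?P<trust>Anonymous|Untrusted|Trusted|Verified) TLS connection established "
    r"(?P<dir>to|from) (?P<peer>\S+?): (?P<proto>TLSv[\d.]+) with cipher (?P<cipher>\S+)"
)

# OpenSSL names for anonymous (aNULL) key exchange: no server certificate at all.
ANON_CIPHER_PREFIXES = ("ADH-", "AECDH-")


def parse_tls_log(text):
    """Return one dict per TLS handshake line, with derived flags."""
    records = []
    for line in text.splitlines():
        m = TLS_LINE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        # anon_kx: the cipher suite itself carries no server certificate.
        rec["anon_kx"] = rec["cipher"].startswith(ANON_CIPHER_PREFIXES)
        # cert_ignored: the server sent a certificate, Postfix did not check it
        # (the only option once TLS 1.3 removed the anonymous suites).
        rec["cert_ignored"] = rec["trust"] == "Untrusted"
        rec["cert_checked"] = rec["trust"] in ("Trusted", "Verified")
        records.append(rec)
    return records


def check_invariants(records):
    """Flag lines that contradict what the protocol allows.

    An aNULL cipher must be logged as Anonymous (and vice versa), and a
    TLSv1.3 handshake can never be Anonymous since TLS 1.3 has no aNULL suites.
    """
    problems = []
    for rec in records:
        if rec["anon_kx"] != (rec["trust"] == "Anonymous"):
            problems.append(f"{rec['peer']}: cipher {rec['cipher']} vs label {rec['trust']}")
        if rec["proto"] == "TLSv1.3" and rec["trust"] == "Anonymous":
            problems.append(f"{rec['peer']}: TLSv1.3 cannot be Anonymous")
    return problems


def summarize(records):
    """Count connections by how (or whether) the server was authenticated."""
    return {
        "by_trust": dict(Counter(rec["trust"] for rec in records)),
        "anon_kx": sum(rec["anon_kx"] for rec in records),
        "cert_ignored": sum(rec["cert_ignored"] for rec in records),
        "cert_checked": sum(rec["cert_checked"] for rec in records),
    }


if __name__ == "__main__":
    recs = parse_tls_log(SAMPLE_LOG)
    print(summarize(recs))
    print("invariant violations:", check_invariants(recs) or "none")
```

The "cert_ignored" count is the quantity Viktor's RFC 7672 argument is about: with an anonymous suite the non-use of the certificate is visible on the wire and in the log as "Anonymous"; with TLS 1.3 the same unauthenticated session looks like an "Untrusted" handshake in which a certificate was exchanged and then disregarded.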
