On Tue, 12 Nov 2013 19:52:19 +0100 Kurt Roeckx <k...@roeckx.be> wrote:
> On Sun, Nov 10, 2013 at 01:37:34AM +0100, Kurt Roeckx wrote:
> > > http://www.ietf.org/mail-archive/web/tls/current/msg10471.html
> >
> > Can I suggest that we just change the default cipher list the
> > postfix sends to the server?
> >
> > I currently see this in postfix's config:
> > tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH
> > tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
> > tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH
> > tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
> > tls_null_cipherlist = eNULL:!aNULL
> >
> > smtpd_tls_ciphers = export
> > smtp_tls_mandatory_ciphers = medium

For what it's worth, this is now a bit different (3.1.3):

tls_export_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH
tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
tls_low_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH
tls_medium_cipherlist = aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH
tls_null_cipherlist = eNULL:!aNULL

smtpd_tls_ciphers = medium
smtp_tls_mandatory_ciphers = medium

Are people still having this problem?

Scott K