Hi !
I found a nice internet site (https://internet.nl) where you can test
you www or email server.
If i run the test on my actual "in setup" email server i get 2 failures
where i cant figure out after a lot of googleing and try out to solve it.
The first on is the complain about the algo selection
smtp.hoerst.net. ADH-AES256-GCM-SHA384 insufficient
my seeting in main.cf
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP,
3DES,eNULL, aNULL, ADH-AES256-GCM-SHA384
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1.1, !TLSv1
The second is
it complaining about Key exchange parameters
smtp.hoerst.net. DH-2048 insufficient
my setting is
smtpd_tls_dh1024_param_file = /etc/postfix/dh/ffdhe4096.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh/dh_512.pem
So i really do not understand what else i could do...
Ciao Gerd
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
