Hi, > Most unlikely. I am not aware of any legacy versions of Postfix that > support only SSLv2. Provided you have Postfix 2.3 or later, the TLS > support is sufficiently modern and robust.
I'm not happy saying that it's probably older than that. > OpenSSL 1.0.0 will be released shortly, if you wait a bit, I would > strongly recommend OpenSSL 1.0.0 over 0.9.8. Will it be compatible with other programs compiled against 0.9.*? >> What encryption/cipher/key length, session key options, etc, choices >> should I be making if I were to do this today? > > Use the default settings. How can I found out what those defaults are? Is this what I should expect to see on a modern implementation? Mar 1 00:00:39 smtp0 postfix/smtp[6676]: TLS connection established to smtp.mydomain.com TLSv1 wit h cipher EDH-RSA-DES-CBC3-SHA (168/168 bits) Is that a characteristic of the certificate that was created or how postfix was compiled or otherwise? Thanks, Alex
