Mark Alan:
> In any case setting 'smtpd_tls_mandatory_exclude_ciphers = AES128, DES,
> MD5, aNULL' should not interfere with postfix ability to choose from
> the strongest to the weakest of the remaining ciphers (as shown by
> openssl ciphers -v 'ALL:@STRENGTH')
>
> Is it a postfix bug? If so, I wonder what other configs can trigger
> the selection of weaker ciphers by postfix?
FYI, SSL/TLS are implemented by the OPENSSL LIBRARY not Postfix.
Questions about how the client and server negotiate the "best"
protocol are better addressed on the appropriate mailing list.
Wietse
