The TLS ciphers I use for transport between a number of our servers are limited to
openssl ciphers -v "RSA:\!MEDIUM:\!LOW:\!EXPORT:\!NULL" -tls1 -ssl3 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1 Reading at http://www.postfix.org/postconf.5.html I tried to configure in main.cf smtpd_tls_protocols = TLSv1, SSLv3, !SSLv2 smtpd_tls_ciphers = RSA smtpd_tls_exclude_ciphers = MEDIUM, LOW, EXPORT, NULL Received mail logs report Oct 4 17:57:14 d1534 postfix/smtpd[4889]: warning: ...: invalid TLS cipher grade: "RSA": aborting TLS session Are openssl cipher group names (e.g. RSA) recognized by Postfix? How do I list the cipher names it does support? If it's in the docs and I missed it, a URL would help. Barry Katz
