Zitat von Ralf Hildebrandt <r...@sys4.de>:
What exactly are the prerequisites for "preferring" EDH ciphers in Postfix? * Do I need ECC (and thus OpenSSL >= 1.0.0) or not?
For EDH no, for ECDHE yes
* Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not?
This let the *server* (Postfix) choose a cipher suggested by the client, so it depends. If the client has no DH ciphers it doesn't help, if the client list DH ciphers later in the list Postfix can choose the DH ciphers that way. If the client has DH ciphers first in the list it is not necessary.
Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
