* lst_ho...@kwsoft.de <lst_ho...@kwsoft.de>: > >* Do I need tls_preempt_cipherlist = yes, and thus Postfix 2.8.0 or not? > > This let the *server* (Postfix) choose a cipher suggested by the > client, so it depends. If the client has no DH ciphers it doesn't > help, if the client list DH ciphers later in the list Postfix can > choose the DH ciphers that way. If the client has DH ciphers first > in the list it is not necessary.
Well, we can't force them. Is an EDH cipher usually considered "stronger" than a non-EDH cipher and thus automatically preferred? -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
