On Oct 7, 2013, at 11:01 AM, Viktor Dukhovni wrote: > On Mon, Oct 07, 2013 at 09:06:09AM -0400, Dan Langille wrote: > >>> # cat /usr/local/etc/postfix-config/main/relay_clientcerts >>> 3A:2E:AB:6A:F1:D4:32:74:C9:C6:DD:2B:8D:2A:87:97 cliff.example.org >>> >>> This looks like md5, and while still largely resistant to 2nd >>> preimage attacks, you should still avoid it. >> >> It is indeed MD5. I've changed to sha1 and obtained the new >> fingerprint via: >> >> openssl x509 -noout -in cliff.example.org.crt -fingerprint >> > > Don't forget: > > main.cf: > smtpd_tls_fingerprint_digest = sha1
Does that have to be in main.cf? I added it to master.cf. -- Dan Langille - http://langille.org
