On Sat, Jun 21, 2014 at 10:26:41AM -0700, grantksupp...@operamail.com wrote:
> I think I see the variety of options, and understand some of the
> pitfalls, as discussed, but TBH am a bit lost as to what the 'best
> practices' *recommendation* for the cipher list to use is? specifically
> for a PFS-capable Postfix server, with as-robust-as-possible fallback to
> secured traffic, even if weak-cipher encrypted.
The *default* Postfix TLS cipherlist settings are chosen with care.
Best pracice is to leave them as-is.
See also:
http://www.postfix.org/FORWARD_SECRECY_README.html
--
Viktor.
