On Mon, May 25, 2015 at 10:36:24AM +0200, DTNX Postmaster wrote:
> I am talking about the MSA here, Viktor, not MTA to MTA traffic. That's
> what the previous poster was asking about;
My advice stands. Avoid overly explicit cipher lists. Go with
broad categories, with some exclusions as necessary.
The main thing that's changed since Postfix default settings were
put in place is that it is no longer necessary or advisavle to
support "export" or "low" ciphersuites. We'll likely disable
"export" and "low" by default in Postfix 3.1 (subject to a suitable
compatibility control).
--
Viktor.
