On Tue, Jul 21, 2015 at 09:49:01AM +0200, A. Schulze wrote:

> > Should I remove "smtpd_tls_mandatory_exclude_ciphers = 3DES"
> > and look at how the cipher use changes over the next days?
>
> Immediately after I removed "smtpd_tls_mandatory_exclude_ciphers = 3DES"
> some servers fail to establish TLS. At least one was an Exchange 2010 Version
> 14.03...

Did the handshake fail, or did data transfer with 3DES as the cipher fail?

Perhaps they are using a new version of Exchange on an otherwise rather dated server, whose Schannel library still has broken 3DES (though I'd always guessed that the problem was in how Exchange uses Schannel, rather than an Schannel bug, I don't really know which is to blame).

--
Viktor.