Viktor Dukhovni:
> On Wed, Feb 10, 2016 at 05:50:21PM +0000, Eray Aslan wrote:
>
> > I am looking for a quick way to determine whether the client and server
> > tls setting are at their default values. Something similar to the
> > attached patch perhaps.
> >
> > Use case: If ssl support is requested by the user, I am hoping to issue
> >
> > postfix tls all-default-client && postfix tls enable-client
> > postfix tls all-default-server && postfix tls enable-server
>
> Well "postfix tls enable-client|server" already checks whether the
> key client or server TLS settings are at their defaults, and if
> not only suggests recommended settings without making any changes.
>
> Are you looking to avoid the "noisy" suggestions?
>
> The patch looks fine. Wietse may well merge it before 3.1.0 is
> done, though we're basically in a code freeze now, so I don't know
> whether patches like this violate the requisite discipline.
>
> > and enable tls out of the box during installation.
>
> This is indeed one of the goals of the new feature, but I thought
> that for now (and perhaps long-term) this should be left up to
> distributions, which install Postfix packages, rather than Postfix
> itself.
Here is a hint: considerable effort went into writing clear
documentation for the new postfix-tls(1) manpage.
Wietse
