> On Feb 14, 2016, at 3:39 PM, Wietse Venema <wie...@porcupine.org> wrote:
>
> This will be an incremental release, compared to the transition
> from 2.11 to 3.0. But it will still be worthwhile to update.
>
> Plus some minor stuff.
A couple of the latter to highlight:
* In Postfix 3.1, by default DANE TLSA records will also be used even
when a domain's MX records are not DNSSEC-validated, provided the
TLSA records of the MX host are. See:
http://www.postfix.org/postconf.5.html#smtp_tls_dane_insecure_mx_policy
* The compiled-in non-export Diffie-Hellman parameters for the Postfix SMTP
server now employ a 2048-bit rather than 1024-bit "safe-prime" (p = 2*q + 1,
with q also prime. To ensure that g=2 generates a subgroup of order q, q is
chosen to be 11 mod 24 and p is then 23 mod 24).
--
Viktor.
