Message written by Philip Paeps <phi...@trouble.is> on 13.04.2017, at 19:46:
>
> How did you test it without RSA? If I try to connect to Google without RSA
> support (aNULL:-aNULL:HIGH:-aRSA:@STRENGTH), it fails to negotiate a cipher
> and the connection drops.
>
> As pointed out though: this really is not making anything more secure...

Sorry if I was not accurate with "RSA" - by that I did not have in mind the RSA cipher suite but the RSA certificate. If you replace the RSA certificate with an EC one, you will see that all connections to Google are made using ECDSA (or just leave smtpd_tls_eccert_file and comment out the RSA cert).

And as for the note that it does not make things secure: yes, I understand that - but if there is technology that is new and can be used, why not prioritize it where it can be? What's the point of introducing new stuff then, if nobody uses it? In my opinion we should push new things, not hide them.