For any given cipherlist in Postfix e.g.

  tls_medium_cipherlist = !kDHE:CHACHA20:-CHACHA20:aNULL:-aNULL:HIGH:MEDIUM:@STRENGTH

Is there a Postfix command to display an ordered list, by preference, of all the 
actually presented ciphers etc, *including* all the built-in Postfix exclusions?

I know I can do

openssl ciphers -V CHACHA20:-CHACHA20:aNULL:-aNULL:HIGH:MEDIUM:@STRENGTH

(can't figure out how to get the "!kDHE" in there)

but that lists the OpenSSL result obviously.  Including the SSL3 ciphers it 
looks like.

IIUC those are excluded in Postfix by

 smtp_tls_protocols               = !SSLv2, !SSLv3
 smtpd_tls_protocols              = !SSLv2, !SSLv3

in main.cf.

Is there a way to get the Postfix-actual cipherlist, so MINUS the SSLv2, SSLv3, 
and anything else Postfix auto-excludes?


