On Tue, Aug 1, 2017, at 04:41 PM, Viktor Dukhovni wrote: > Just put the cipherlist in single quotes, otherwise "bash" history > substitution gets in the way:
Grrr. Ok. > DO NOT confuse ciphers with protocol versions. > No, these are protocol version exclusions, not cipher exclusions. Yep. That's exactly what I was doing. Clear now. Thanks. > The low-level cipherlist interface is an OpenSSL interface, and > you ask OpenSSL not Postfix to interpret the configuration. Ok. > It is unfortunate that you're forced to scale this particular > learning curve. The vast majority of users can stay blissfully > unaware, and are better off for that. I'm not going to complain about it. I've got a decent start on the details of how to set TLS up in Postfix, how to tear it down, why I'd want to do either and how to check what I ended up with. So I guess, a little wiser. Thanks alot for the guidance!
