On Wed, Oct 25, 2017, at 06:57 AM, Petri Riihikallio wrote:
> > I checked the server and this is how it's configured
> >
> > postconf -n | grep smtpd | grep tls | grep ciphers
> > smtpd_tls_ciphers = medium
> > smtpd_tls_exclude_ciphers = EXPORT, LOW, RC4, eNULL, NULL
> > smtpd_tls_mandatory_ciphers = medium
> > smtpd_tls_mandatory_exclude_ciphers = aNULL
> > tlsproxy_tls_mandatory_exclude_ciphers =
> > $smtpd_tls_mandatory_exclude_ciphers
>
> Both smtpd_*_exclude_ciphers default to empty. Do you know why they are
> non-empty in your config?

The notes I found just reference this article by "An OpenSSL User’s Guide to DROWN"
https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/
Posted by Viktor Dukhovni and Emilia Käsper, Mar 1st, 2016 2:59 pm

Which recommended

    # Suggested, not strictly needed:
    #
    smtpd_tls_exclude_ciphers = EXPORT, LOW, MD5, SEED, IDEA, RC2
    smtp_tls_exclude_ciphers = EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2

and this discussion "RC4 in live email servers?"
http://postfix.1071664.n5.nabble.com/RC4-in-live-email-servers-td78249.html#a78283
Viktor Dukhovni, Jul 18, 2015; 1:12pm

Dave